Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 3.1.0
-
None
-
None
Description
Hi,
I just downloaded your software and saw that the passwords used to protect the local tomcat users are very predictable. It would be better to disable those accounts as they basically allow anyone to get command execution on the underlying server.
People in charge can then add those accounts based on their requirements.
Regards,
Louis