[ https://issues.apache.org/jira/browse/OFBIZ-2799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12741297#action_12741297 ]
chris snow commented on OFBIZ-2799:
-----------------------------------

Current OOTB behavior:

> ./ant run-install
> # user forgets/doesn't know about ./ant create-admin-user-login
> ./startofbiz.sh

Attacker can access system with admin/ofbiz username/password.

Perhaps run-install should prompt for a username and password for admin rather than just installing known passwords? That way if someone forgets/doesn't know about ./ant create-admin-user-login, they won't have a vulnerable system.

> security of demo data using default passwords
> ---------------------------------------------
>
> Key: OFBIZ-2799
> URL: https://issues.apache.org/jira/browse/OFBIZ-2799
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 9.04
> Reporter: chris snow
>
> After installing demo data, admin user should be prompted to change
> password on first log on.
> All other accounts with password of 'ofbiz' should be disabled.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
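
The policy proposed in this issue (force a password change for admin, disable every other enabled account still using 'ofbiz'), sketched as an audit over exported login records. This is an added example, not OFBiz code and not part of the original message; the record field names and the stored-password forms (plaintext, bare SHA-1 hex, `{SHA}` prefix) are assumptions, and the sample records are constructed.

```python
import hashlib
import hmac

DEFAULT_PASSWORD = "ofbiz"  # default password named in the issue
ADMIN_ID = "admin"          # admin login named in the comment


def _sha1(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def uses_default_password(stored):
    """True if a stored credential equals the default password.

    Assumed storage forms: plaintext, bare SHA-1 hex, or '{SHA}<hex>'.
    Salted hashes cannot be matched this way and return False.
    """
    if not stored:
        return False
    value = stored.strip()
    if hmac.compare_digest(value.encode(), DEFAULT_PASSWORD.encode()):
        return True
    if value.upper().startswith("{SHA}"):
        value = value[5:]
    return hmac.compare_digest(value.lower().encode(),
                               _sha1(DEFAULT_PASSWORD).encode())


def plan_remediation(records):
    """Map each enabled login that still has the default password to an action."""
    actions = {}
    for rec in records:
        if rec.get("enabled", "Y") != "Y":
            continue  # already disabled, nothing to do
        if not uses_default_password(rec.get("currentPassword")):
            continue  # password was changed
        login = rec["userLoginId"]
        actions[login] = ("require_password_change" if login == ADMIN_ID
                          else "disable")
    return actions


# Constructed sample records (hypothetical field names and logins).
SAMPLE_RECORDS = [
    {"userLoginId": "admin", "currentPassword": "{SHA}" + _sha1("ofbiz"), "enabled": "Y"},
    {"userLoginId": "demo-clerk", "currentPassword": _sha1("ofbiz").upper(), "enabled": "Y"},
    {"userLoginId": "demo-buyer", "currentPassword": "{SHA}" + _sha1("changed-it"), "enabled": "Y"},
    {"userLoginId": "demo-old", "currentPassword": _sha1("ofbiz"), "enabled": "N"},
]
```
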