[ https://issues.apache.org/jira/browse/OFBIZ-2799?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12741297#action_12741297 ]

chris snow commented on OFBIZ-2799:
-----------------------------------

Current OOTB behavior:

> ./ant run-install
> # user forgets/doesn't know about ./ant create-admin-user-login
> ./startofbiz.sh

Attacker can access system with admin/ofbiz username/password.

Perhaps run-install should prompt for a username and password for admin rather 
than just installing known passwords?  That way if someone forgets/doesn't know 
about ./ant create-admin-user-login, they won't have a vulnerable system.





> security of demo data using default passwords
> ---------------------------------------------
>
>                 Key: OFBIZ-2799
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2799
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 9.04
>            Reporter: chris snow
>
> After installing demo data, admin user should be prompted to change 
> password on first log on.
> All other accounts with password of 'ofbiz' should be disabled.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
