[ https://issues.apache.org/jira/browse/AXIS2-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16399561#comment-16399561 ]
robert lazarski commented on AXIS2-5910:
----------------------------------------

[~veithen] this is another issue I am looking for feedback on; your comments would be appreciated.

> axis2.xml uses weak password, automated penetration tools are complaining
> --------------------------------------------------------------------------
>
>                 Key: AXIS2-5910
>                 URL: https://issues.apache.org/jira/browse/AXIS2-5910
>             Project: Axis2
>          Issue Type: Bug
>            Reporter: robert lazarski
>            Priority: Major
>
> There are 48 axis2.xml files in source control it seems, and they all have the
> same weak password in each file.
> As penetration tools become ubiquitous, they are all finding the same problem
> with these weak credentials in axis2.xml.
> We should consider the Tomcat approach and just comment out the entire
> username / password section, as that doesn't seem to break anything. It
> doesn't, for example, break the happyaxis.jsp.
> Next step I suppose would be replacing all 48 files with comments, and
> running the unit tests?
> https://svn.apache.org/viewvc/tomcat/trunk/conf/tomcat-users.xml?view=co&revision=1745083&content-type=text%2Fplain
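
An added example, not part of the original message or the Axis2 code base: a Python audit that walks a source checkout and lists every axis2.xml whose credential parameters are still live rather than commented out, which is the check needed before and after the proposed change. The parameter names `userName` and `password`, the `axisconfig` root element and the sample values are assumptions.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Assumed names of the credential parameters in axis2.xml.
CREDENTIAL_PARAMS = {"userName", "password"}

def _live(root):
    # ElementTree drops XML comments while parsing, so a commented-out
    # <parameter> is absent from the tree and is never reported.
    return sorted({p.get("name") for p in root.iter("parameter")
                   if p.get("name") in CREDENTIAL_PARAMS
                   and (p.text or "").strip()})

def active_credentials(xml_text):
    """Names of credential parameters that are live in this document."""
    return _live(ET.fromstring(xml_text))

def audit_tree(top):
    """Map each axis2.xml under `top` to its live credential parameters."""
    report = {}
    for dirpath, _dirs, files in os.walk(top):
        if "axis2.xml" not in files:
            continue
        path = os.path.join(dirpath, "axis2.xml")
        try:
            live = _live(ET.parse(path).getroot())
        except (ET.ParseError, OSError) as exc:
            # A file that cannot be parsed needs manual review, so report it.
            live = ["unparsed:" + type(exc).__name__]
        if live:
            report[path] = live
    return report

# Constructed samples with placeholder values, not the shipped file contents.
SAMPLE_LIVE = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">EXAMPLE_USER</parameter>
  <parameter name="password">EXAMPLE_PASSWORD</parameter>
</axisconfig>"""
SAMPLE_COMMENTED = """<axisconfig name="AxisJava2.0">
  <!--
  <parameter name="userName">EXAMPLE_USER</parameter>
  <parameter name="password">EXAMPLE_PASSWORD</parameter>
  -->
  <parameter name="hotdeployment">true</parameter>
</axisconfig>"""

if __name__ == "__main__":
    top = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, live in sorted(audit_tree(top).items()):
        print(path, ",".join(live))
```

An empty report after the edit means no axis2.xml in the tree still carries live credentials; any path listed is a file the change missed or one that needs manual review.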