[jira] [Updated] (PLUTO-782) Passwords on tomcat manager

Neil Griffin (Jira) Thu, 16 Dec 2021 08:23:28 -0800


     [ 
https://issues.apache.org/jira/browse/PLUTO-782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Neil Griffin updated PLUTO-782:
-------------------------------
    Affects Version/s: 3.0.1
                       3.0.0
                       2.0.3
                       2.0.2
                       2.0.1
                       2.0.0

> Passwords on tomcat manager
> ---------------------------
>
>                 Key: PLUTO-782
>                 URL: https://issues.apache.org/jira/browse/PLUTO-782
>             Project: Pluto
>          Issue Type: Bug
>    Affects Versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 3.1.0
>            Reporter: Louis
>            Assignee: Neil Griffin
>            Priority: Critical
>
> Hi,
> I just downloaded your software and saw that the passwords used to protect 
> the local tomcat users are very predictable. It would be better to disable 
> those accounts as they basically allow anyone to get command execution on the 
> underlying server.
>  
> People in charge can then add those accounts based on their requirements.
> Regards,
> Louis



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Updated] (PLUTO-782) Passwords on tomcat manager

Reply via email to