[ https://issues.apache.org/jira/browse/PLUTO-782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Neil Griffin closed PLUTO-782. ------------------------------ Resolution: Fixed > Default "tomcat" and "pluto" users are granted "manager-gui" role > ----------------------------------------------------------------- > > Key: PLUTO-782 > URL: https://issues.apache.org/jira/browse/PLUTO-782 > Project: Pluto > Issue Type: Bug > Affects Versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 3.1.0 > Reporter: Louis > Assignee: Neil Griffin > Priority: Critical > Fix For: 3.1.1 > > > Hi, > I just downloaded your software and saw that the passwords used to protect > the local tomcat users are very predictable. It would be better to disable > those accounts as they basically allow anyone to get command execution on the > underlying server. > > People in charge can then add those accounts based on their requirements. > Regards, > Louis -- This message was sent by Atlassian Jira (v8.20.1#820001)