You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@felix.apache.org by "Andres Bott (JIRA)" <ji...@apache.org> on 2019/01/02 18:12:00 UTC

[jira] [Commented] (FELIX-5985) Change the hardcoded WebConsole password

    [ https://issues.apache.org/jira/browse/FELIX-5985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16732269#comment-16732269 ] 

Andres Bott commented on FELIX-5985:
------------------------------------

Question: is it even relevant to strongly hash a public available default hardcoded password?

> Change the hardcoded WebConsole password
> ----------------------------------------
>
>                 Key: FELIX-5985
>                 URL: https://issues.apache.org/jira/browse/FELIX-5985
>             Project: Felix
>          Issue Type: Improvement
>          Components: Web Console
>            Reporter: Antonio Sanso
>            Priority: Major
>
> In FELIX-5934 we improved the way the WebConsole stores the password adding salting and multi iteration. The password is still hardcoded though at initialization (is basically the SHA-256 of admin without salt and iteration). See [0]
> [0] https://github.com/apache/felix/blob/0bfe4ca7ebc6e81f0a9f4186a7ef58df4d92b4c9/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManager.java#L167



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)