You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Eduardo Aguinaga (JIRA)" <ji...@apache.org> on 2015/12/15 16:15:46 UTC

[jira] [Created] (KARAF-4202) Password Management: Hardcoded Password

Eduardo Aguinaga created KARAF-4202:
---------------------------------------

             Summary: Password Management: Hardcoded Password
                 Key: KARAF-4202
                 URL: https://issues.apache.org/jira/browse/KARAF-4202
             Project: Karaf
          Issue Type: Bug
    Affects Versions: 4.0.3
            Reporter: Eduardo Aguinaga


HP Fortify SCA and SciTools Understand were used to perform an application security scan on karaf source code.

Analysis: Hardcoded passwords may compromise system security in a way that cannot be easily remedied.

File: jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
Line: 47

SyncopeLoginModule.java, lines 41-49:
41 public class SyncopeLoginModule extends AbstractKarafLoginModule {
42 
43     private final static Logger LOGGER = LoggerFactory.getLogger(SyncopeLoginModule.class);
44 
45     public final static String ADDRESS = "address";
46     public final static String ADMIN_USER = "admin.user"; // for the backing engine
47     public final static String ADMIN_PASSWORD = "admin.password"; // for the backing engine
48 
49     private String address;



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)