Posted to issues@cloudstack.apache.org by "Harikrishna Patnala (JIRA)" <ji...@apache.org> on 2017/05/22 06:07:04 UTC

[jira] [Created] (CLOUDSTACK-9927) Root admin user should be forced to change password

Harikrishna Patnala created CLOUDSTACK-9927:
-----------------------------------------------

             Summary: Root admin user should be forced to change password
                 Key: CLOUDSTACK-9927
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9927
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
            Reporter: Harikrishna Patnala
            Assignee: Harikrishna Patnala
             Fix For: 4.10.0.0


The default password for the root admin in CloudStack is "password". The user is not required to change this password.

Using CloudStack with the default password is the same as using it with no password. An attacker could log onto the management UI or API and make changes to the system, delete or steal resources, and stop services.

Mitigation:
Do not continue in UI until admin has changed his password to something other than the default. Also, do not permit the admin to change his password back to the default one later.




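One way to implement the mitigation described in this issue, as an added Python example that is not CloudStack code and not part of the original report. The class and function names and the salted PBKDF2 storage scheme are assumptions made for illustration; only the default value "password" comes from the issue.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"  # default root admin password named in the issue
ITERATIONS = 100_000           # assumed PBKDF2 work factor for this example

class PasswordChangeRequired(Exception):
    """Credentials are valid, but the account still uses the default password."""

class DefaultPasswordRejected(Exception):
    """A password change tried to set the default password."""

def hash_password(password, salt=None):
    # Returns (salt, digest); a fresh random salt is used when none is given.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class AdminAccount:  # hypothetical stand-in for the root admin user record
    def __init__(self):
        # Fresh install: the account starts with the default password.
        self.record = hash_password(DEFAULT_PASSWORD)

    def uses_default(self):
        # Salted hashes cannot be compared as strings, so the default is
        # re-verified against this account's own salt.
        return verify(DEFAULT_PASSWORD, self.record)

    def login(self, password):
        if not verify(password, self.record):
            return False
        if self.uses_default():
            # Caller should offer only the password-change screen from here.
            raise PasswordChangeRequired("change the default password first")
        return True

    def change_password(self, old, new):
        if not verify(old, self.record):
            return False
        if new == DEFAULT_PASSWORD:
            raise DefaultPasswordRejected("default password is not allowed")
        self.record = hash_password(new)
        return True
```

Because `uses_default()` checks the stored hash rather than a one-time flag, the same call also detects existing installations that never changed the password.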