Posted to issues@cloudstack.apache.org by "Harikrishna Patnala (JIRA)" <ji...@apache.org> on 2017/05/22 06:07:04 UTC
[jira] [Created] (CLOUDSTACK-9927) Root admin user should be forced to change password
Harikrishna Patnala created CLOUDSTACK-9927:
-----------------------------------------------
Summary: Root admin user should be forced to change password
Key: CLOUDSTACK-9927
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9927
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Management Server
Reporter: Harikrishna Patnala
Assignee: Harikrishna Patnala
Fix For: 4.10.0.0
The default password for the root admin in CloudStack is "password". The user is not required to change this password.
Using CloudStack with the default password is the same as using it with no password. An attacker could log onto the management UI or API and make changes to the system, delete or steal resources, and stop services.
Mitigation:
Do not continue in UI until admin has changed his password to something other than the default. Also, do not permit the admin to change his password back to the default one later.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
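One way to enforce the mitigation described in the report, as an added example that is not part of the original message and is not CloudStack code. The `AdminAccount` class, the `authorize` gate, the action names and the PBKDF2 settings are all hypothetical; only the default value "password" comes from the report. Because stored passwords are salted hashes, the "still on the default" state is derived by verifying the default against the stored hash rather than by trusting a flag.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"   # the default named in the report
ITERATIONS = 100_000            # assumed PBKDF2 work factor for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest) for a password using salted PBKDF2-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Constant-time check of a candidate password against a stored hash."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class AdminAccount:
    """Hypothetical account record; not CloudStack's data model."""

    def __init__(self, password=DEFAULT_PASSWORD):
        self.salt, self.digest = hash_password(password)

    def must_change_password(self):
        # Derived from the stored hash, so a stale or cleared flag cannot bypass it.
        return verify(DEFAULT_PASSWORD, self.salt, self.digest)

    def login(self, password):
        if not verify(password, self.salt, self.digest):
            return "denied"
        return "change_required" if self.must_change_password() else "ok"

    def change_password(self, old, new):
        if not verify(old, self.salt, self.digest):
            raise PermissionError("current password is wrong")
        # Reject the default on every change, so it cannot be restored later.
        if hmac.compare_digest(new.encode(), DEFAULT_PASSWORD.encode()):
            raise ValueError("the default password may not be reused")
        self.salt, self.digest = hash_password(new)

def authorize(account, password, action):
    """While the default is set, only the password change itself is allowed."""
    state = account.login(password)
    if state == "denied":
        return False
    return state == "ok" or action == "changePassword"
```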