Posted to pluto-dev@portals.apache.org by "Neil Griffin (Jira)" <ji...@apache.org> on 2021/12/16 16:26:00 UTC

[jira] [Updated] (PLUTO-782) Default "tomcat" and "pluto" users are granted "manager-gui" role

     [ https://issues.apache.org/jira/browse/PLUTO-782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Neil Griffin updated PLUTO-782:
-------------------------------
    Summary: Default "tomcat" and "pluto" users are granted "manager-gui" role  (was: Passwords on tomcat manager)

> Default "tomcat" and "pluto" users are granted "manager-gui" role
> -----------------------------------------------------------------
>
>                 Key: PLUTO-782
>                 URL: https://issues.apache.org/jira/browse/PLUTO-782
>             Project: Pluto
>          Issue Type: Bug
>    Affects Versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 3.0.0, 3.0.1, 3.1.0
>            Reporter: Louis
>            Assignee: Neil Griffin
>            Priority: Critical
>             Fix For: 3.1.2
>
>
> Hi,
> I just downloaded your software and saw that the passwords used to protect the local tomcat users are very predictable. It would be better to disable those accounts as they basically allow anyone to get command execution on the underlying server.
>  
> People in charge can then add those accounts based on their requirements.
> Regards,
> Louis



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
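
A defender-side check for the condition this issue describes, as an added example that is not part of the Jira message or the Pluto code base: it parses a Tomcat `tomcat-users.xml` and lists every account that holds a Manager role. The sample file, its passwords, the `audit` function and the guess list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Tomcat Manager application.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}
# Assumption: a short illustrative list of guessable values, not a real wordlist.
COMMON_GUESSES = {"password", "admin", "changeit", "secret"}

# Constructed sample; the passwords are made up, not copied from a Pluto distribution.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat,pluto,manager-gui"/>
  <user username="pluto" password="constructed-long-value-1" roles="pluto,manager-gui"/>
  <user username="viewer" password="viewer" roles="pluto"/>
  <user username="ops" password="constructed-long-value-2" roles="manager-script, manager-status"/>
</tomcat-users>"""


def local_name(tag):
    """Drop the XML namespace: '{http://tomcat.apache.org/xml}user' -> 'user'."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text, default_accounts=("tomcat", "pluto")):
    """Return one finding per user that holds at least one Manager role."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "user":
            continue
        # Tomcat reads 'username' and falls back to the older 'name' attribute.
        name = el.get("username") or el.get("name") or ""
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        granted = sorted(roles & MANAGER_ROLES)
        if not granted:
            continue  # no Manager access, nothing to report
        pw = el.get("password", "").lower()
        findings.append({
            "user": name,
            "manager_roles": granted,
            "default_account": name in default_accounts,
            "predictable_password": pw == name.lower() or pw in COMMON_GUESSES,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```

Run it against the `conf/tomcat-users.xml` of a deployed instance by passing the file's contents to `audit`; any finding with `default_account` set is the situation reported in PLUTO-782.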