cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Demetrius Tsitrelis (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-6948) realhostip.keystore uses hard-coded password
Date Thu, 19 Jun 2014 23:48:24 GMT
Demetrius Tsitrelis created CLOUDSTACK-6948:
-----------------------------------------------

             Summary: realhostip.keystore uses hard-coded password
                 Key: CLOUDSTACK-6948
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6948
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server, Virtual Router
    Affects Versions: 4.3.0
            Reporter: Demetrius Tsitrelis


The config_ssl.sh and ConsoleProxySecureServerFactoryImpl.java files hard-code the password
as "vmops.com". This keystore contains the private key of the SSL server and if that is compromised
could allow for a man-in-the-middle attack.




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message