cloudstack-issues mailing list archives

From "Harikrishna Patnala (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-9927) Root admin user should be forced to change password
Date Mon, 22 May 2017 06:07:04 GMT
Harikrishna Patnala created CLOUDSTACK-9927:
-----------------------------------------------

             Summary: Root admin user should be forced to change password
                 Key: CLOUDSTACK-9927
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9927
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
            Reporter: Harikrishna Patnala
            Assignee: Harikrishna Patnala
             Fix For: 4.10.0.0


The default password for the root admin in CloudStack is "password". The user is not required
to change this password.

Using CloudStack with the default password is the same as using it with no password. An attacker
could log onto the management UI or API and make changes to the system, delete or steal resources,
and stop services.

Mitigation:
Do not continue in UI until admin has changed his password to something other than the default.
Also, do not permit the admin to change his password back to the default one later.




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
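
The two rules in the Mitigation section, sketched as an added example (not CloudStack code and not part of the original message). `AdminAccount`, its method names, the login result strings and the PBKDF2 parameters are assumptions made for illustration; only the default value "password" comes from the report.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"  # default root admin password named in the report


def _hash(password: str, salt: bytes) -> bytes:
    # Salted, slow hash; algorithm and iteration count are illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AdminAccount:
    """Hypothetical account model, not CloudStack's own classes."""

    def __init__(self, password: str = DEFAULT_PASSWORD):
        self._set(password)

    def _set(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)

    def verify(self, candidate: str) -> bool:
        return hmac.compare_digest(_hash(candidate, self.salt), self.digest)

    def must_change_password(self) -> bool:
        # Stored hashes are salted, so the default is detected by verifying
        # the known default string against the stored digest.
        return self.verify(DEFAULT_PASSWORD)

    def login(self, candidate: str) -> str:
        if not self.verify(candidate):
            return "denied"
        # Rule 1: correct credentials are not enough while the default is set;
        # the caller should allow nothing but a password change in this state.
        return "change_required" if self.must_change_password() else "ok"

    def change_password(self, current: str, new: str) -> bool:
        if not self.verify(current):
            return False
        # Rule 2: never accept the default as a new value, now or later.
        if hmac.compare_digest(new.encode(), DEFAULT_PASSWORD.encode()):
            return False
        self._set(new)
        return True
```

The same `change_required` state has to be enforced on the API path as well as the UI, since the report names both as entry points.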
