cloudstack-issues mailing list archives

From "Rajani Karuturi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-9927) Root admin user should be forced to change password
Date Thu, 06 Jul 2017 10:34:04 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-9927?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajani Karuturi updated CLOUDSTACK-9927:
----------------------------------------
    Fix Version/s:     (was: 4.10.0.0)
                   4.10.1.0

> Root admin user should be forced to change password
> ---------------------------------------------------
>
>                 Key: CLOUDSTACK-9927
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9927
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>            Reporter: Harikrishna Patnala
>            Assignee: Harikrishna Patnala
>             Fix For: 4.10.1.0
>
>
> The default password for the root admin in CloudStack is "password". The user is not required to change this password.
> Using CloudStack with the default password is the same as using it with no password. An attacker could log onto the management UI or API and make changes to the system, delete or steal resources, and stop services.
> Mitigation:
> Do not continue in UI until admin has changed his password to something other than the default. Also, do not permit the admin to change his password back to the default one later.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
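
The mitigation described in the issue, as an added sketch that is not CloudStack's code and not part of the original message: a login that succeeds with the default password only unlocks the password change, and the default is refused as a new password. The class, the function names, the `changePassword` command name, the session-state strings and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

DEFAULT_PASSWORD = "password"       # default root admin password named in the issue
CHANGE_COMMAND = "changePassword"   # hypothetical command name, not a CloudStack API
ITERATIONS = 100_000                # assumed PBKDF2 work factor for this sketch

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AdminAccount:
    def __init__(self):
        # Fresh install: the account starts out with the default password.
        self._store(DEFAULT_PASSWORD)

    def _store(self, password):
        self.salt = os.urandom(16)
        self.digest = derive(password, self.salt)

    def _matches(self, password):
        return hmac.compare_digest(derive(password, self.salt), self.digest)

    def login(self, password):
        if not self._matches(password):
            return "denied"
        # Checked on every login instead of a one-time flag, so an existing
        # install that still has the default is caught too. The stored value
        # is salted, so the default is re-derived with this account's salt.
        if self._matches(DEFAULT_PASSWORD):
            return "must_change_password"
        return "ok"

    def change_password(self, old, new):
        if not self._matches(old):
            raise PermissionError("current password is wrong")
        if new == DEFAULT_PASSWORD:
            raise ValueError("the default password may not be set again")
        self._store(new)

def allowed(session_state, command):
    # Until the default is replaced, only the password change goes through.
    if session_state == "must_change_password":
        return command == CHANGE_COMMAND
    return session_state == "ok"
```

The same `allowed` check has to sit in front of the API as well as the UI, since the issue names both as ways in.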
