geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Woods (JIRA)" <j...@apache.org>
Subject [jira] Created: (GERONIMO-3404) Using a Null Username allows access to a running 2.0 server
Date Mon, 13 Aug 2007 20:57:31 GMT
Using a Null Username allows access to a running 2.0 server
-----------------------------------------------------------

                 Key: GERONIMO-3404
                 URL: https://issues.apache.org/jira/browse/GERONIMO-3404
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.0
         Environment: Released geronimo-tomcat6-jee5-2.0-bin.zip on WinXP and on Linux
            Reporter: Donald Woods
            Priority: Critical
             Fix For: 2.0.x, 2.1


I was just testing the geronimo-tomcat6-jee5-2.0-bin.zip on a new WinXP machine and discovered
that anyone can administer a Geronimo server (local or remotely) if they enter a null Username
when prompted by the deploy or geronimo scripts.  I verified that the <user_home>\.geronimo-deployer
file did not exist on the WinXP machine and on a Linux box I used to verify the remote scenario....



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message