geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevan Miller (JIRA)" <>
Subject [jira] [Created] (GERONIMO-5980) Improper encryption/obfuscation of passwords in configuration files
Date Thu, 26 May 2011 03:17:47 GMT
Improper encryption/obfuscation of passwords in configuration files

                 Key: GERONIMO-5980
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
            Reporter: Kevan Miller

Several users have reported problems starting Geronimo. The cause seems to be improperly encrypted
passwords. Plain text passwords will be encrypted/obfuscated in configuration files. A very
good hypothesis posed by Michael Peterson is that the problem occurs if you try to start Geronimo
with an improperly configured JAVA_HOMEStarting Geronimo without a JAVA_HOME configured may
cause passwords to be improperly encrypted. They may end up encrypted as {Simple}null

>From an email:

On May 25, 2011, at 9:56 PM, michael.peterson wrote:

Ok...I think I see what was happening. 

When I first installed and tried to run " run" I didn't 
have JAVA_HOME set. it failed with a bunch of messages. Then I 
realized that problem and set JAVA_HOME...but it looks like that time 
the property files have already been rewritten and the install 
corrupted. I didn't realize it was happening at the time of 
course...but since the new install was working I tried to redo the 
step to get to that broken state. The only way I could achieve that 
was to remove the JAVA_HOME and try and run geronimo. 

Does that make sense to you? 

This message is automatically generated by JIRA.
For more information on JIRA, see:

View raw message