karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Karaf security issue?
Date Wed, 02 Dec 2015 11:47:47 GMT
Actually, we implemented some workaround like the possibility to provide 
the shutdown command.

The random command ID is already generated by Karaf at startup.

I agree with Christian that it's not a huge security issue.

The corresponding Jira is there:



On 12/02/2015 12:43 PM, Christian Schneider wrote:
> Yes.. as far as I can tell there is currently no fix.
> We could create a random secret at karaf start that then needs to be
> sent to the port to improve security.
> As the problem is only locally I would also not consider it to be too
> critical in most cases.
> Christian
> Am 01.12.2015 um 23:37 schrieb Mark R Green:
>> We had a software team trying to use this but the OSVDB site shows a
>> security issue with Karaf.
>> http://osvdb.org/show/osvdb/119812
>> This does not appear to be fixed in 4.0.3?
>> Mark

Jean-Baptiste Onofré
Talend - http://www.talend.com

View raw message