karaf-dev mailing list archives

From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Karaf security issue?
Date Wed, 02 Dec 2015 11:47:47 GMT
Actually, we implemented some workaround like the possibility to provide 
the shutdown command.

The random command ID is already generated by Karaf at startup.

I agree with Christian that it's not a huge security issue.

The corresponding Jira is there:

https://issues.apache.org/jira/browse/KARAF-3825

Regards
JB

On 12/02/2015 12:43 PM, Christian Schneider wrote:
> Yes, as far as I can tell there is currently no fix.
> We could create a random secret at karaf start that then needs to be
> sent to the port to improve security.
>
> As the problem is only local, I would also not consider it to be too
> critical in most cases.
>
> Christian
>
> On 01.12.2015 at 23:37, Mark R Green wrote:
>> We had a software team trying to use this but the OSVDB site shows a
>> security issue with Karaf.
>> http://osvdb.org/show/osvdb/119812
>>
>> This does not appear to be fixed in 4.0.3?
>>
>> Mark
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
