karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Resolved] (KARAF-4202) Password Management: Hardcoded Password
Date Sat, 25 Nov 2017 06:05:00 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré resolved KARAF-4202.
-----------------------------------------
    Resolution: Not A Problem

> Password Management: Hardcoded Password
> ---------------------------------------
>
>                 Key: KARAF-4202
>                 URL: https://issues.apache.org/jira/browse/KARAF-4202
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>            Assignee: Jean-Baptiste Onofré
>
> HP Fortify SCA and SciTools Understand were used to perform an application security scan on karaf source code.
> Analysis: Hardcoded passwords may compromise system security in a way that cannot be easily remedied.
> File: jaas/modules/src/main/java/org/apache/karaf/jaas/modules/syncope/SyncopeLoginModule.java
> Line: 47
> SyncopeLoginModule.java, lines 41-49:
> 41 public class SyncopeLoginModule extends AbstractKarafLoginModule {
> 42 
> 43     private final static Logger LOGGER = LoggerFactory.getLogger(SyncopeLoginModule.class);
> 44 
> 45     public final static String ADDRESS = "address";
> 46     public final static String ADMIN_USER = "admin.user"; // for the backing engine
> 47     public final static String ADMIN_PASSWORD = "admin.password"; // for the backing engine
> 48 
> 49     private String address;



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
