Easy default user and password is not secure #8

Open
alexbudarov opened this issue Aug 15, 2019 · 3 comments

@alexbudarov
Member

Having admin/admin by default is not secure. These values are easy to guess.

If the person deploying forgets to change the password (or is not informed at all that this add-on is attached to the system), then we have an open administrative access window to the system for anyone who knows the system URL and has access to the web client.

@alexbudarov
Member Author

It's as if Postgres had a root/root superuser account accessible from the local network right after installation.

dtsaryov self-assigned this Aug 17, 2019

@dtsaryov
Contributor

@alexbudarov all CUBA apps have these creds for the admin role - are they also not secure? :)

@alexbudarov
Member Author

Admin/admin for a CUBA app is very visible; it's in the foreground.

But people may:
a) not know at all that cuba-jm was added to the application, if the developers and the operational team are separate
b) forget about cuba-jm because it is hidden inside
c) neglect it, not knowing that it provides administrative access
