VID 21828
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The remote administration console of Apache Geronimo is protected with the default username and password. Geronimo is an open-source J2EE server from the Apache Software Foundation. The installation of Geronimo on the target Web server uses the default username and password to control access to its administrative console. The user "system" is created during the initial run, and its default password is "manager". A remote attacker who knows this account could connect to the affected application through the Web interface to gain unauthorized access and make unauthorized changes to the application's configuration settings.

* Platforms Affected:
The Apache Software Foundation, Geronimo Any version
Any operating system Any version
Recommendation Immediately change the default password to a value that is difficult to guess by editing the 'var/security/users.properties' file.