[Security] Default user password in Container for ActiveMQ #1490
Assignees
Labels
Comments
ViliusS
added
kind/docker
armandomiani
added
good first issue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Category:
Container images
Type:
Default ActiveMQ installation is vulnerable to this issue https://issues.apache.org/jira/browse/AMQ-5388
Since GCP Container image modify a password only for admin account but not for user account and the image easily allows external access configured, the vulnerability is even more serious. Most DevOps guys are not aware that this user exist!
This also propagates to ActiveMQ Kubernetes App built on top of this image.
I have prepared an upstream patch but GCP image still needs to change the default password or, even better, disable user account by default with the possibility to enable it with regenerated password.
When the upstream patch is merged both Container Image and Kubernetes App for ActiveMQ needs to be updated.
The text was updated successfully, but these errors were encountered: