Description
Selenium VNC is using a weak password by default, attackers can login to vnc and obtain high permissions.
Solution
Upgrade selenium image to 4.10.0 and disable VNC by default.
System administrator can enable VNC manually, run VNC in view-only mode and set a complex password.
See:
metersphere/installer@35598ac
metersphere/installer@02dd31c
Description
Selenium VNC is using a weak password by default, attackers can login to vnc and obtain high permissions.
Solution
Upgrade selenium image to 4.10.0 and disable VNC by default.
System administrator can enable VNC manually, run VNC in view-only mode and set a complex password.
See:
metersphere/installer@35598ac
metersphere/installer@02dd31c