[
https://issues.jboss.org/browse/GTNMGMT-18?page=com.atlassian.jira.plugin...
]
Tomas Kyjovsky updated GTNMGMT-18:
----------------------------------
Description:
Authentication doesn't work in CLI. It seems passords aren't verified, so anyone
can login as root with blank password, and even if user isn't logged in as root he can
execute "mgmt connect" command and export full portal structure.
----
[tkyjovsk@---- ~]$ ssh -p 2000 root@localhost
root@----'s password:
______
.~ ~. |`````````, .'. ..'''' |
|
| |'''|''''' .''```.
.'' |_________|
| | `. .' `. ..' | |
`.______.' | `. .' `. ....'' | |
1.0.0-beta22
Follow and support the project on
http://crsh.googlecode.com
GateIn Management CLI running @ ----
It is Tue Sep 27 15:51:25 EDT 2011 now
% mgmt connect
Successfully connected to gatein management system: [user=root,
container='portal', host='----']
% export mop /tmp
Export complete ! File location: /tmp/mop_2011-09-27_15-51-42.zip
was:
Authentication doesn't work in CLI. It seems passords aren't verified, so anyone
can login as root with blank password, and even if user isn't logged in as root he can
execute "mgmt connect" command and export full portal structure.
----
[tkyjovsk@perf13 ~]$ ssh -p 2000 perf13
tkyjovsk@perf13's password: BLANK_PASSWORD_HERE
______
.~ ~. |`````````, .'. ..'''' |
|
| |'''|''''' .''```.
.'' |_________|
| | `. .' `. ..' | |
`.______.' | `. .' `. ....'' | |
1.0.0-beta22
Follow and support the project on
http://crsh.googlecode.com
GateIn Management CLI running @
perf13.mw.lab.eng.bos.redhat.com
It is Tue Sep 27 15:41:23 EDT 2011 now
% mgmt connect
Successfully connected to gatein management system: [user=root,
container='portal',
host='perf13.mw.lab.eng.bos.redhat.com/10.16.88.191']
% export mop /home/tkyjovsk/tmp
Export complete ! File location: /home/tkyjovsk/tmp/mop_2011-09-27_15-41-44.zip
Authentication doesn't work in CLI
----------------------------------
Key: GTNMGMT-18
URL:
https://issues.jboss.org/browse/GTNMGMT-18
Project: GateIn Management
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: cli
Affects Versions: 1.0.0-Beta03
Environment: SSH-2.0-OpenSSH_4.3
Reporter: Tomas Kyjovsky
Assignee: Nick Scavelli
Authentication doesn't work in CLI. It seems passords aren't verified, so anyone
can login as root with blank password, and even if user isn't logged in as root he can
execute "mgmt connect" command and export full portal structure.
----
[tkyjovsk@---- ~]$ ssh -p 2000 root@localhost
root@----'s password:
______
.~ ~. |`````````, .'. ..'''' |
|
| |'''|''''' .''```.
.'' |_________|
| | `. .' `. ..' | |
`.______.' | `. .' `. ....'' | |
1.0.0-beta22
Follow and support the project on
http://crsh.googlecode.com
GateIn Management CLI running @ ----
It is Tue Sep 27 15:51:25 EDT 2011 now
% mgmt connect
Successfully connected to gatein management system: [user=root,
container='portal', host='----']
% export mop /tmp
Export complete ! File location: /tmp/mop_2011-09-27_15-51-42.zip
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira