Hi,
http://goohackle.com/jboss-security-vulnerability-jmx-management-console/
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
Just try to google for "jboss jmx management console" or "MBean
inspector" and you can hack or shut down a lot of JBoss installations.
I know that it is the fault of the admins, but there are techniques to prevent it. Maybe
colleagues from Red Hat security can advise. Something like:
- the console is secured and a random password for admin is generated during the
installation process (or maybe during the first run of the server? or anytime a password
is null a random password is generated?)
- the console is not configured by default. Instead, localhost:8080 points to a static
web page, which tells the user how to start a secured (or unsecured) jmx-console
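The first suggestion in the post (generate a random admin password whenever none is set) could look like the sketch below. This is an added example, not part of the original post and not JBoss code. The `user=password` properties format, the sample contents, the rule that a password equal to the user name counts as unset, and the names `is_weak` and `provision` are all assumptions made for illustration.

```python
import secrets

# Constructed sample in Java "user=password" properties format (an assumption;
# the post does not name the file the console reads its credentials from).
SAMPLE = """\
# constructed sample users file
admin=
operator=operator
monitor=S3p!x9Qw-long-unique-value
"""


def is_weak(user, password):
    """Treat an empty password, or one equal to the user name, as unset."""
    return password == "" or password.lower() == user.lower()


def provision(text, token_bytes=18):
    """Return (new_text, generated); weak entries receive a random password."""
    out, generated = [], {}
    for line in text.splitlines():
        stripped = line.strip()
        # Keep blank lines, comments and non-entry lines exactly as they are.
        if not stripped or stripped.startswith(("#", "!")) or "=" not in stripped:
            out.append(line)
            continue
        user, _, password = stripped.partition("=")
        user, password = user.strip(), password.strip()
        if is_weak(user, password):
            # CSPRNG output; 18 random bytes encode to 24 URL-safe characters.
            password = secrets.token_urlsafe(token_bytes)
            generated[user] = password
        out.append(f"{user}={password}")
    return "\n".join(out) + "\n", generated


if __name__ == "__main__":
    new_text, generated = provision(SAMPLE)
    for user, password in generated.items():
        # Show the value to the installing operator once; do not log it.
        print(f"generated password for {user}: {password}")
    print(new_text, end="")
```

Running `provision` again on its own output generates nothing, so the check can run on every server start as well as at install time.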