[gatein-issues] [JBoss JIRA] Updated: (GTNMGMT-18) Authentication doesn't work in CLI
Tomas Kyjovsky (JIRA)
jira-events at lists.jboss.org
Tue Sep 27 15:54:26 EDT 2011
[ https://issues.jboss.org/browse/GTNMGMT-18?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomas Kyjovsky updated GTNMGMT-18:
----------------------------------
Description:
Authentication doesn't work in CLI. It seems passords aren't verified, so anyone can login as root with blank password, and even if user isn't logged in as root he can execute "mgmt connect" command and export full portal structure.
----
[tkyjovsk at ---- ~]$ ssh -p 2000 root at localhost
root at ----'s password:
______
.~ ~. |`````````, .'. ..'''' | |
| |'''|''''' .''```. .'' |_________|
| | `. .' `. ..' | |
`.______.' | `. .' `. ....'' | | 1.0.0-beta22
Follow and support the project on http://crsh.googlecode.com
GateIn Management CLI running @ ----
It is Tue Sep 27 15:51:25 EDT 2011 now
% mgmt connect
Successfully connected to gatein management system: [user=root, container='portal', host='----']
% export mop /tmp
Export complete ! File location: /tmp/mop_2011-09-27_15-51-42.zip
was:
Authentication doesn't work in CLI. It seems passords aren't verified, so anyone can login as root with blank password, and even if user isn't logged in as root he can execute "mgmt connect" command and export full portal structure.
----
[tkyjovsk at perf13 ~]$ ssh -p 2000 perf13
tkyjovsk at perf13's password: BLANK_PASSWORD_HERE
______
.~ ~. |`````````, .'. ..'''' | |
| |'''|''''' .''```. .'' |_________|
| | `. .' `. ..' | |
`.______.' | `. .' `. ....'' | | 1.0.0-beta22
Follow and support the project on http://crsh.googlecode.com
GateIn Management CLI running @ perf13.mw.lab.eng.bos.redhat.com
It is Tue Sep 27 15:41:23 EDT 2011 now
% mgmt connect
Successfully connected to gatein management system: [user=root, container='portal', host='perf13.mw.lab.eng.bos.redhat.com/10.16.88.191']
% export mop /home/tkyjovsk/tmp
Export complete ! File location: /home/tkyjovsk/tmp/mop_2011-09-27_15-41-44.zip
> Authentication doesn't work in CLI
> ----------------------------------
>
> Key: GTNMGMT-18
> URL: https://issues.jboss.org/browse/GTNMGMT-18
> Project: GateIn Management
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: cli
> Affects Versions: 1.0.0-Beta03
> Environment: SSH-2.0-OpenSSH_4.3
> Reporter: Tomas Kyjovsky
> Assignee: Nick Scavelli
>
> Authentication doesn't work in CLI. It seems passords aren't verified, so anyone can login as root with blank password, and even if user isn't logged in as root he can execute "mgmt connect" command and export full portal structure.
> ----
> [tkyjovsk at ---- ~]$ ssh -p 2000 root at localhost
> root at ----'s password:
> ______
> .~ ~. |`````````, .'. ..'''' | |
> | |'''|''''' .''```. .'' |_________|
> | | `. .' `. ..' | |
> `.______.' | `. .' `. ....'' | | 1.0.0-beta22
> Follow and support the project on http://crsh.googlecode.com
> GateIn Management CLI running @ ----
> It is Tue Sep 27 15:51:25 EDT 2011 now
> % mgmt connect
> Successfully connected to gatein management system: [user=root, container='portal', host='----']
> % export mop /tmp
> Export complete ! File location: /tmp/mop_2011-09-27_15-51-42.zip
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the gatein-issues
mailing list