[Security] Default User Password In Container For ActiveMQ #1490

Skip to content Dismiss alert {{ message }} GoogleCloudPlatform / click-to-deploy Public

• Notifications You must be signed in to change notification settings
• Fork 462
• Star 767

• Code
• Issues 68
• Pull requests 131
• Actions
• Projects
• Security

  Uh oh!

  There was an error while loading. Please reload this page.

• Insights

Additional navigation options

[Security] Default user password in Container for ActiveMQ #1490New issueCopy linkNew issueCopy linkOpenOpen[Security] Default user password in Container for ActiveMQ#1490Copy linkAssignees Labelsgood first issueGood for newcomersGood for newcomerskind/dockerRelated to the Docker imageRelated to the Docker image

Description

ViliusSopened on Nov 23, 2021Issue body actions

Category:

Container images

Type:

• Bug
• Feature Request
• Process

Default ActiveMQ installation is vulnerable to this issue https://issues.apache.org/jira/browse/AMQ-5388 Since GCP Container image modify a password only for admin account but not for user account and the image easily allows external access configured, the vulnerability is even more serious. Most DevOps guys are not aware that this user exist!

This also propagates to ActiveMQ Kubernetes App built on top of this image.

I have prepared an upstream patch but GCP image still needs to change the default password or, even better, disable user account by default with the possibility to enable it with regenerated password.

When the upstream patch is merged both Container Image and Kubernetes App for ActiveMQ needs to be updated.

Metadata

Metadata

Assignees

• marzinkievitz

Labels

good first issueGood for newcomersGood for newcomerskind/dockerRelated to the Docker imageRelated to the Docker image

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

You can’t perform that action at this time.