poulhs

SECURITY NOTICE: adminconsole messes up processes configuration

Discussion created by poulhs on Mar 16, 2016

BEWARE:

 

If you use your browsers feature to remember your username/password for your adminconsole access, and you use adminconsole to edit the processes probe configuration, it will automatically populate empty user/password fields with your UIM credentials.

 

When you save the configuration, these values are saved too (unless you clear them before saving).

 

This causes two problems:

1) a minor problem: the processes you are monitoring most likely should not be running with you as the owner, and hence it will trigger an alarm

2) a major problem: your UIM credentials are now located on a robot.

 

I have raised a ticket (00335972: Security/Bug: Processes probe wrong username and includes password) for this, but I thought that someone might like to know about this issue here...

Outcomes