I was notified by our security office of the following security issue on the SOI manager host:
How do we modify the user / password.
SOI manager |
Apache Axis2 Default Credentials |
Plugin Output: |
TCP |
7090 |
The installation of Apache Axis2 hosted on the remote web server uses a default set of credentials to control access to its administrative console. A remote attacker can exploit this to gain administrative control. |
*
Release : 4.2
This affects the SOI manager host only.
The apache axis2 webpage is shipped with the default password.
Copy and save
C:\Program Files (x86)\CA\SOI\tomcat\webapps\axis2\WEB-INF\conf\axis2.xml
Edit the original file to change the password:
Change the following:
<parameter name="userName">admin</parameter>
<parameter name="password">DEFAULT PASSWORD</parameter>
Into:
<parameter name="userName">admin</parameter>
<parameter name="password"><newpassword></parameter>
Save the file.
Restart the SOI Application Server Service
*