Default Password - Apache Axis2
search cancel

Default Password - Apache Axis2

book

Article ID: 258506

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

I was notified by our security office of the following security issue on the SOI manager host:

How do we modify the user / password. 

 

SOI manager

Apache Axis2 Default Credentials

Plugin Output:
Nessus was able to gain access to the administrative interface using
the following information :

  URL      : http://X.X.X.X:7090/axis2/axis2-admin/login
  User     : admin
  Password : axis2

TCP

7090

The installation of Apache Axis2 hosted on the remote web server uses a default set of credentials to control access to its administrative console. A remote attacker can exploit this to gain administrative control.

 

*

Environment

Release : 4.2

This affects the SOI manager host only.

Cause

The apache axis2 webpage is shipped with the default password.

Resolution

Copy and save

C:\Program Files (x86)\CA\SOI\tomcat\webapps\axis2\WEB-INF\conf\axis2.xml

Edit the original file to change the password:

Change the following:

 

<parameter name="userName">admin</parameter>

<parameter name="password">axis2</parameter>

 

Into:

 

<parameter name="userName">admin</parameter>

<parameter name="password"><newpassword></parameter>

 

Save the file.

Restart the SOI Application Server Service

 

*

Additional Information

https://axis.apache.org/axis2/java/core/

Powered by Wolken Software