Vulnerability on Active MQ process on port 8161

book

Article ID: 97680

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

The"Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client. The admin interface of Apache ActiveMQ is accessible using default credentials - admin:admin. QID Detection Logic: This QID launches a request directed at the Apache ActiveMQ administration console with default credentials."

Impact:
Successfully exploiting this issue may allow attackers to obtain administrative access to the application.

 

Environment

Service Operations Insight 4.2

Resolution

The vulnerability can be taken care by updating jetty-realm.properties file in <activemq installed location>\conf folder

For example
C:\Program Files (x86)\CA\SOI\apache-activemq\conf

The password is mentioned as follows
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
user: user, user

Change the password and save the file.

Note
This needs restart the SOI MQ server and SOI Application server  services