Closed s-b-repo closed 11 months ago
Not a bug. This is just a default password which is emitted to a default configuration file. The actual password is the one that is configured by the user in the configuration file. Also, this is in an API which is confined to the localhost and off by default.
    */
    public static KeyStore createKeyStore(File ksFile, String password)
            throws GeneralSecurityException, IOException {
        boolean exists = ksFile != null && ksFile.exists();
        char[] pwchars = password != null ? password.toCharArray() : null;
Do not hardcode passwords in code. Found hardcoded password used in core/java/src/net/i2p/crypto/KeyStoreUtil.java#L155
Following lines: 155, 170, 204, 223, 245, 251, 258, 1021, 1050, 1152, 1184, 1209, 1443
DEFAULT_KEYSTORE_PASSWORD.toCharArray());
password.toCharArray() :
ksPW.toCharArray()
apps/i2pcontrol/java/net/i2p/i2pcontrol/security/SecurityManager.java#L43