kentonh / gPanel

A web-hosting control panel written in Go.
MIT License
80 stars, 25 forks

Make Default Credentials for Account (and maybe server) More Secure #104

Closed george-e-shaw-iv closed 6 years ago

george-e-shaw-iv commented 6 years ago

Severity level (1-10):

8

Files/Directories Involved:

pkg/api/bundle/create.go (account default credentials get created here)

pkg/gpserver/defaults.go (server default credentials get created here)

Description:

The server is not as big of a deal because that's more of a resellers/admin user/whoever is using this software problem. They should be smart enough to follow the instructions laid out and change the default username/password.

The account default username/password should probably be a little bit more secure; I'm sure that there are more than a few clients that would leave the default as root/root. An email should probably also be sent to the server admin that is just a carbon copy of the email sent to the account user.

Personal Comments:
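
One way to avoid a fixed root/root account default, shown as an added example that is not part of the original issue and is not gPanel's own code: generate a random per-account password from the OS CSPRNG and flag it for change at first login. The type `InitialCredentials`, the functions `randomPassword` and `NewInitialCredentials`, the 16-character minimum and the sample account name are all assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// No look-alike characters (0/O, 1/l/I): the value is emailed and typed by hand.
const alphabet = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

// InitialCredentials is a hypothetical type for this example, not gPanel's own.
type InitialCredentials struct {
	Username   string
	Password   string
	MustChange bool // force a password change at first login
}

// randomPassword draws n characters uniformly from alphabet using the OS CSPRNG.
func randomPassword(n int) (string, error) {
	limit := big.NewInt(int64(len(alphabet)))
	out := make([]byte, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, limit) // unbiased, no modulo skew
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// NewInitialCredentials swaps a fixed default (root/root) for a random per-account password.
func NewInitialCredentials(username string, length int) (InitialCredentials, error) {
	if length < 16 { // minimum length is an assumption of this example
		return InitialCredentials{}, errors.New("initial password must be at least 16 characters")
	}
	pw, err := randomPassword(length)
	if err != nil {
		return InitialCredentials{}, err
	}
	return InitialCredentials{Username: username, Password: pw, MustChange: true}, nil
}

func main() {
	c, err := NewInitialCredentials("client1", 20) // constructed sample account name
	fmt.Println(c.Username, c.MustChange, len(c.Password), err)
}
```

Only a password hash should be stored server-side; the plaintext exists just long enough to be placed in the account email.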