wttech / SecureAEM


Testing default passwords does not work correctly on publish AEM 6.2 #19

Closed rzasap closed 7 years ago

rzasap commented 7 years ago

In the report I can see that the user admin exists on publish, which is not true. The way it is being checked is not correct, see DefaultPasswordsTest.java. It checks whether the user exists or not by making a call to a publish instance with basic authentication and expecting a 401 error code. For example, for the request http://admin:admin@ip:port I got a redirection to the geometrixx home page instead of 401.

Default passwords

Environments: author / publish Result: FAIL

Failed tests:

rzasap commented 7 years ago

It has been resolved in https://github.com/Cognifide/SecureCQ/commit/e91e03a6eee84022749399b3ef1922c999b37c2a
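
The false positive reported above comes from reading "anything other than 401" as a successful login. The following added example (not SecureAEM code and not the content of the linked commit; the class, enum and method names are hypothetical) shows one way to avoid that: send a control request with a deliberately invalid password, and only trust the result for the default credentials when the control was actually refused with 401.

```java
// Added example, not SecureAEM code: all names here are hypothetical.
public class DefaultPasswordVerdict {

    enum Verdict { REJECTED, ACCEPTED, INCONCLUSIVE }

    /**
     * Classifies a default-password probe from two HTTP status codes.
     *
     * @param controlStatus   status returned for a deliberately invalid password
     * @param candidateStatus status returned for the default credentials under test
     */
    static Verdict classify(int controlStatus, int candidateStatus) {
        if (candidateStatus == 401) {
            // The server challenged the default credentials: they are not valid.
            return Verdict.REJECTED;
        }
        if (controlStatus != 401) {
            // The server does not answer 401 even for a password known to be wrong
            // (for example it redirects every request to a public page), so a
            // non-401 answer for the candidate proves nothing about the account.
            return Verdict.INCONCLUSIVE;
        }
        // The wrong password was refused and the default one was not.
        return Verdict.ACCEPTED;
    }

    public static void main(String[] args) {
        // Constructed status codes, not captured from a real instance.

        // Case from the issue: the instance redirects whatever credentials are sent.
        System.out.println("redirect for both requests: " + classify(302, 302));

        // Instance that enforces basic authentication, default password still set.
        System.out.println("control 401, candidate 200: " + classify(401, 200));

        // Instance that enforces basic authentication, default password changed.
        System.out.println("control 401, candidate 401: " + classify(401, 401));
    }
}
```

A report built on this would list only `ACCEPTED` results as failed tests and flag `INCONCLUSIVE` ones for manual review instead of reporting that the user exists.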