  1. Nuxeo Studio
  2. NXS-5458

Prevent default credentials usage from Studio

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.20.0
    • Component/s: Roles & Permissions

      Description

      When creating users and groups in Studio, the Administrator user with its default password is added automatically.

      If customers keep it as is and use the "always" policy, the instance drops every existing user at restart and uses the Studio configuration instead, with the default credentials.

      We recently noticed a large number of important customers in our cloud using the default credentials, probably without knowing it. We need to prevent customers from putting their security at risk.

      AC

      • When creating users and groups, the Administrator user has a random password instead of "Administrator"
      • When creating users and groups, the Administrator email is devnull@nuxeo.com instead of administrator@example.com (which could send sensitive information to this domain)
      • When an existing users and groups configuration has Administrator / Administrator, display a validation warning:

        Using the default credentials for the Administrator account puts your application security at risk. We strongly recommend you to change the password for this user.
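
The three acceptance criteria above, sketched as an added example that is not Nuxeo Studio's code. The CSV layout (username, password, email), the function names and the sample rows are assumptions made for illustration; only the warning text, the Administrator name and the devnull@nuxeo.com address come from this ticket.

```python
import csv
import io
import secrets

DEFAULT_ADMIN = "Administrator"
SINK_EMAIL = "devnull@nuxeo.com"
FIELDS = ["username", "password", "email"]  # assumed column layout
WARNING = (
    "Using the default credentials for the Administrator account puts your "
    "application security at risk. We strongly recommend you to change the "
    "password for this user."
)


def new_admin_entry():
    """Administrator row for a new configuration: random password, sink email."""
    # 24 bytes from the OS CSPRNG, encoded as 32 URL-safe characters.
    return {"username": DEFAULT_ADMIN,
            "password": secrets.token_urlsafe(24),
            "email": SINK_EMAIL}


def render(rows):
    """Serialize user rows to CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


def validate(csv_text):
    """Return the validation warnings for an existing configuration."""
    warnings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("username") == DEFAULT_ADMIN
                and row.get("password") == DEFAULT_ADMIN):
            warnings.append(WARNING)
    return warnings


# Constructed sample: a configuration that still carries the old default.
LEGACY_CONFIG = render([
    {"username": "Administrator", "password": "Administrator",
     "email": "administrator@example.com"},
    {"username": "jdoe", "password": "constructed-sample-pw",
     "email": "jdoe@corp.example"},
])

if __name__ == "__main__":
    print(validate(LEGACY_CONFIG))
    print(validate(render([new_admin_entry()])))
```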

    Time Tracking

    • Estimated: Not Specified
    • Remaining: 0m
    • Logged: 6h
