This repository has been archived by the owner on Jul 15, 2022. It is now read-only.

Tighten OVA security #37

Open
phuongdh opened this issue Aug 17, 2016 · 2 comments
@phuongdh
Member

Our OVA was taken over by a bot while running on a bridged network. We need to either randomize passwords or warn people of the risk.

@mbklein
Member

mbklein commented Sep 15, 2016

How did the bot gain access? Which password / attack vector was compromised?

@phuongdh
Member Author

@mbklein Tomcat was open and had the default manager password, so someone was able to drop a webapp in and started mining for Bitcoins.
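An added example, not part of the thread and not this project's code: one way to do the "randomize passwords" option at first boot is to rewrite every account in Tomcat's `tomcat-users.xml` that holds a manager or admin role. The function name, the sample file and its `CHANGEME-default` password are assumptions constructed for illustration.

```python
import secrets
import xml.etree.ElementTree as ET

# Roles that grant access to Tomcat's manager / host-manager applications.
PRIVILEGED_ROLES = {
    "manager", "admin",  # legacy role names used by old Tomcat releases
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}

# Constructed sample: an image shipped with a fixed manager credential.
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="CHANGEME-default" roles="manager-gui, manager-script"/>
  <user username="reader" password="reader" roles="viewer"/>
</tomcat-users>"""


def randomize_manager_passwords(xml_text):
    """Return (new_xml, {username: new_password}) for privileged accounts."""
    root = ET.fromstring(xml_text)
    # Newer tomcat-users.xml files declare a default namespace; keep it
    # as the default on output instead of an auto-generated prefix.
    if root.tag.startswith("{"):
        ET.register_namespace("", root.tag[1:].split("}")[0])
    rotated = {}
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        roles = {r.strip() for r in elem.get("roles", "").split(",")}
        if roles & PRIVILEGED_ROLES:
            # 24 random bytes -> 32 URL-safe characters, unique per call.
            new_password = secrets.token_urlsafe(24)
            elem.set("password", new_password)
            # Tomcat accepts "username" or the older "name" attribute.
            rotated[elem.get("username") or elem.get("name")] = new_password
    return ET.tostring(root, encoding="unicode"), rotated


if __name__ == "__main__":
    new_xml, rotated = randomize_manager_passwords(SAMPLE)
    print(new_xml)
    for name in rotated:
        # Show the generated value once, on the VM's local console only.
        print(f"new manager password for {name}: {rotated[name]}")
```

Run from a first-boot hook before Tomcat starts, this gives each deployed copy of the image its own manager credential; restricting which addresses can reach the manager application is a separate control.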
