This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

There are several files with sensitive credential and configuration data on the Management Server which are accessible by all unix users on this system

Posted on 08-28-2016 11:28 PM
Not applicable
Reply posted on --/--/---- --:-- AM

There are several files with sensitive credential and configuration data on the Management Server which are accessible by all unix users on this system. Users without additional rights might access the data and e.g. brute force the credentials for the cassandra backend user.



ascsac:apigee:/var/SP/apigee $ ll /opt/apigee/customer/conf/license.txt
-rw-r--r--. 1 apigee apigee 349 Jul 13 16:45 /opt/apigee/customer/conf/license.txt

ascsac:apigee:/var/SP/apigee $ ll /opt/apigee/edge-management-server/conf/cassandra.properties
-rw-rw-r--. 1 apigee apigee 69 Aug 4 15:30 /opt/apigee/edge-management-server/conf/cassandra.properties

ascsac:apigee:/var/SP/apigee $ ll /opt/SP/apigee/edge-ui-4.16.01-0.0.3654/conf/apigee.conf
-rw-rw-r--. 1 apigee apigee 1997 Aug 15 17:54 /opt/SP/apigee/edge-ui-4.16.01-0.0.3654/conf/apigee.conf


will be there impact on Apigee UI if we chmod 640 these files ?

0 2 148
Topic Labels
0 Likes
2 REPLIES 2
Top Solution Authors
View all