SOI application server Vulnerability Axis2 default Administrator Password

Document ID : KB000012884
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

The Axis2 administrator 'admin' has a password that is set to the default value of 'axis2'. As a result, anyone with access to the Axis2 port can trivially gain full access to the machine via arbitrary remote code execution.

Question:

How can I change the Axis2 default password ?

Environment:
SOI 4.0
Answer:

Edit C:\Program Files (x86)\CA\SOI\tomcat\webapps\axis2\WEB-INF\conf\axis2.xml file

change the following:

<parameter name="userName">admin</parameter>
<parameter name="password">axis2</parameter>

into:

<parameter name="userName">admin</parameter>
<parameter name="password"><newpassword></parameter>

save the file.

Restart the SOI Application Server Service