Vulnerability on Active MQ process on port 8161

Document ID : KB000097680
Last Modified Date : 23/05/2018
Show Technical Document Details
Issue:
The"Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client. The admin interface of Apache ActiveMQ is accessible using default credentials - admin:admin. QID Detection Logic: This QID launches a request directed at the Apache ActiveMQ administration console with default credentials."

Impact:
Successfully exploiting this issue may allow attackers to obtain administrative access to the application.

 
Environment:
Service Operations Insight 4.2
Resolution:
The vulnerability can be taken care by updating jetty-realm.properties file in <activemq installed location>\conf folder

For example
C:\Program Files (x86)\CA\SOI\apache-activemq\conf

The password is mentioned as follows
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
user: user, user

Change the password and save the file.

Note
This needs restart the SOI MQ server and SOI Application server  services