Make admin login safe

Andrius Merkys requested to merge merkys/redmine:safe-admin-login into master

The current admin login with the password admin is insecure. An intruder is able to log in to the Redmine instance after the Debian package is installed and before the admin password is changed. To mitigate this security hole, I made a patch to replace the hard-coded admin password with a random string, which is stored in a root-only-readable file (/etc/redmine/admin_password.txt).

Edit: opened a bug report for this: #964759

Edited by Andrius Merkys
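
The mitigation described above (a random initial password kept in a file only its owner can read), as an added shell example; it is not the code from this merge request. The function names, the 16-byte length and the hex encoding are assumptions, and root ownership follows only when the script runs as root with the path named in the description.

```shell
#!/bin/sh
# Added example, not the merge request's patch. Function names, password
# length and encoding are assumptions made for illustration.

# Print 2*N hex characters read from the kernel CSPRNG (default N=16, 128 bits).
gen_password() {
    nbytes="${1:-16}"
    dd if=/dev/urandom bs=1 count="$nbytes" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Create file $1 holding a fresh password.
# Returns 0 if created, 1 if the path already exists (an upgrade keeps the
# existing secret), 2 on any error.
store_password() {
    file="$1"
    # Refuse to touch an existing path, including a dangling symlink.
    if [ -e "$file" ] || [ -L "$file" ]; then
        return 1
    fi
    pw="$(gen_password 16)" || return 2
    # A short read from /dev/urandom must not yield a weak password.
    [ "${#pw}" -eq 32 ] || return 2
    # umask 077 makes the file mode 600 from the moment it is created;
    # noclobber (set -C) makes the redirect fail instead of overwriting
    # if the path appears between the check above and the write.
    ( umask 077; set -C; printf '%s\n' "$pw" > "$file" ) 2>/dev/null || return 2
}

# Succeed only if $1 is a regular file, not a symlink, with mode 600.
# When run as root on the real path, owner root should be checked as well.
check_secret_file() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        return 1
    fi
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}
```
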