Make admin login safe
Current admin
login with password admin
is insecure. An intruder is able to log in to the Redmine instance after the Debian package is installed and before admin
password is changed. To mitigate this security hole, I made a patch to replace the hard-coded admin
password with a random string, which is stored in a root-only-readable file (/etc/redmine/admin_password.txt
).
Edit: opened a bugreport for this: #964759
Edited by Andrius Merkys