> A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group
one anecdote that might be relevant is that on bitwarden when I go to generate a new password, I can let my password be 64 characters long, have symbols, uppercase, lowercase etc. I can even make it generate a key phrase
in comparison to that, disabled1system1user6708 seems pretty weak
It would not at all shock me to learn that the hardcoded password is in response to Australia's insane anti-encryption bill [0]. Pretty much everything it demands is insane. Like blocking notification of any senior personnel, allowing them to force a more junior member to carry out the will of the government or the entire business suffers the consequences.
11 comments
[ 2.7 ms ] story [ 32.8 ms ] threadA hardcoded password... are these guys for real?
in comparison to that, disabled1system1user6708 seems pretty weak
Using this method we can see that this password (disabled1system1user6708) would take over 10,000 centuries to brute force
That seems relatively secure to me
[0] https://www.theguardian.com/australia-news/2020/jul/09/austr...
Gitlab had the same issue just a few months ago.