Druid credentials hardcoded vulnerability

# Summary

Druid credential is hardcoded, when user uses the default credential or it is leaked, which can lead to allow attacker gather sensitive operation information.

---

# Details
- eladmin-system\src\main\resources\config\application-prod.yml
```
      stat-view-servlet:
        allow:
        enabled: true
        # 控制台管理用户名和密码
        url-pattern: /druid/*
        reset-enable: false
        login-username: admin
        login-password: 123456
```

---

# POC

http://127.0.0.1:8000/druid/login.html

<img width="1601" height="982" alt="Image" src="https://github.com/user-attachments/assets/21bfa710-2b10-4fa8-a61a-fe8517a54f5a" />

---

# Impact

when user uses the default credential or it is leaked, which can lead to allow attacker gather sensitive operation information.
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Druid credentials hardcoded vulnerability #883

Summary

Details

POC

Impact

when user uses the default credential or it is leaked, which can lead to allow attacker gather sensitive operation information.

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Druid credentials hardcoded vulnerability #883

Description

Summary

Details

POC

Impact

when user uses the default credential or it is leaked, which can lead to allow attacker gather sensitive operation information.

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions