Novell GroupWise WebAccess 5.5 EP
Novell Servlet Gateway
Default Servlet Gateway password can allow unauthorized users to disable WebAccess.
Enhancement Pack WebAccess uses the Novell Servlet Gateway to processes requests. The install enables the Servlet Manager with a default user name and password. The manager can be used to disable the various servlets running on the server. An unauthorized user could log in to the Servlet Manager and disable WebAccess if the default user name and password is not changed.
Novell recommends that the password be changed according to the follow procedure:
Edit the SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES file. There is a section for ServletManager like the following:
# ServletManager servlet
In the initialization arguments there is a user=servlet, password=manager that can be edited to reflect the user and password that you wish to use. You will then have to do a java -exit on the server, NSWEBDN and then an NSWEB to reload the servlet gateway and the web server.
This has been fixed in GroupWise 6. During installation you are now prompted for the username and password.