Skip to content

[Improve][Manager][Dashboard] Enforce password change on first login for default admin account #12150

Description

@spiritxishi

Description

Background

The default admin/****** credentials in application.properties are well-known and can be exploited if unchanged. There is currently no mechanism to force users to change the password after the initial login.

Affected Code:
inlong-manager/.../application.properties:21-22

Proposed Fix

Implement a mandatory password-reset flow triggered on first login for the default admin account (and any account using the default password).

Acceptance Criteria

  • After first login with default credentials, user is redirected to a password change page
  • Core functionality is inaccessible until the password is changed
  • New password must meet minimum complexity requirements
  • Auditable: log when a default-password account is first changed

InLong Component

InLong Manager

Are you willing to submit PR?

  • Yes, I am willing to submit a PR!

Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions