GlassFish Use of Hard-coded Credentials Vulnerability - CVE-2018-14324

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information perform database operations or manipulate the demo via a JMX RMI session aka a quotjmx_rmi remote monitoring and control problem.quot NOTE: this is not an Oracle supported product.