Network scanning products can attempt to access the JBoss admin-console\ website using the JBoss release default credentials. A weak password for the admin-console enables activities such as placing new executable java files and/or webpages into the JBoss/Tomcat application.

1. Using a text editor, open the file: InSightManager\server\all\conf\props\jmx-console-users.properties
2. In the jmx-console-users.propertiesfile, modify the default password value to the right of the equal (=) sign.
3. For this change to take effect, the tmp and work directories must be cleared after the service is stopped. The tmp and work directories are located in the following paths: