It just came to my attention that a vulnerability in Apache CloudStack was discovered, as John Kinsella writes in his post to the Apache CloudStack dev-mailinglist.
A malicious user could, for example, delete all VMs in the system. Addressing this issue is especially important for anybody using CloudStack in a public environment.
The vulnerability report has an easy work-around that I will mention here as well:
mysql -p -u cloud -h mgt-server-ip update cloud.user set password=RAND() where id=1; \q
Hugo Trippaers of Schuberg Philis discovered this issue. Thanks for sharing!
Remi Bergsma's blog 