I was reading about JBoss security today, and came across the following page:
JBoss Security vulnerability JMX Management Console. The guy tells how common is to come across servers on the Internet that run completely unsecured JMX-Console.

I gave it a try, typed few keywords in Google, and voilà -
around one third of the Google results on the first page were links to various servers that run completely unsecured JBoss and JMX-console. Having said that, I would like to point out that I did not attempt anything naughty or malicious.

Its still amazes me how careless some people are – leaving an open door for anyone to come in. Come on people, surely in this day and age we all know how important is to keep web applications secured. Don’t be lazy, its not going to take much of your time since securing JMX-console its such a trivial task.