In case you have not seen it, Adobe made a change to the security checklist for AEM/CQ. The section that was added just recently is an explanation on how to change the admin password for the felix console.
The following recommendation has been added:
In addition, Adobe recommends changing the OSGi (web) console password to something other than the admin password as not doing so:
- Exposes the server with default password during startup and shutdown (that can take minutes for large servers)
- Exposes the server when the repository is down/restarting bundle – and OSGI is running.
The description on how to do this can be found here:
this issue affects AEM5.6 and CQ5.5