Tomcat 6 - Discloses username="tomcat" password="s3cret" roles="manager"

Tomcat 6 - Discloses username="tomcat" password="s3cret" roles="manager"

Custom Error page configurations not working with Tomcat 6.x and while using the Manager application of tomcat if user tries the invalid username / passwords it discloses the 401 unauthorized page as shown below.

to manage the issue either disable the Manager application or modify the error page so that  username="tomcat" password="s3cret" roles="manager" this string can be avoided and for the same comment out the below code of the 401.jsp file located at D:\ApacheSoftwareFoundation\Tomcat6.0\webapps\manager and restart the tomcat and you are done.

<pre>
&lt;role rolename="manager"/&gt;
&lt;user username="tomcat" password="s3cret" roles="manager"/&gt;
</pre>