We have AEM setup first time in our system. Our security team scans the VM before it can go live. They found following issue on it. Anyone knows how to correct it?
Vuln 45242 Remote Management Service Accepting Unencrypted Credentials Detected
dcmipvmacc008.edc.nam.com port: 8080
Service Name: HTTP on TCP port 8080.
HTTP Service Excepting Basic Auth Credentials Detected
dcwipvmacc008.edc.nam.com port: 8080
Service Name: HTTP on TCP port 8080.
HTTP Service Excepting Basic Auth Credentials Detected
Vuln 86763 Web Server Uses Plain Text Basic Authentication
dcmipvmacc008.edc.nam.com port: 8080
dcwipvmacc008.edc.nam.com port: 8080
The login page at port 8080 needs to use encryption or be disabled.
Views
Replies
Total Likes
Hi
Can you please confirm with the security team which tool is generating these messages?
It would be wiser to look at the documentation of that tool to better understand these messages.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes
Those messages are not AEM messages - you need to consult with the tool's docs that generated those. For AEM and security best practices, see . https://docs.adobe.com/docs/en/aem/6-2/administer/security/security-checklist.html
Views
Replies
Total Likes
Yes. They are not AEM messages. The messages are from Qualys scan which ran on the VM where author is installed and listening on port 8080. Searching on google I think it complains about author server login page (listening on 8080) using plain text basic authentication.
Any idea how to correct it on author side?
Views
Replies
Total Likes
If you are concerned that the default AEM authentication uses a text based password (which seems to be the cause of the message: The login page at port 8080 needs to use encryption or be disabled.) -- then write a custom authentication handler:
http://www.wemblog.com/2013/03/how-to-create-custom-authentication.html
Or instead of writing a custom authen handler - another choice that you have is to setup 2 factor authentication:
https://helpx.adobe.com/experience-manager/using/twofactor.html
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies