Vulnerability ID: V-15823 - Software certificate installation files must be removed from Windows

Article ID: 194047

Products

CA Spectrum CA eHealth

Issue/Introduction


A vulnerability scan picked up PKCS12 (.p12) certificate files located on the SpectroSERVER. The use of software certificates and their accompanying installation files for end users to access resources is less secure than the use of hardware-based certificates.

 

Scan Results
---------------------------------------------------------
Rule Title: Software certificate installation files must be removed from Windows 2012/2012 R2.
Discussion: Use of software certificates and their accompanying installation files for end users to access resources is less secure than the use of hardware-based certificates.

Check Text: Search all drives for *.p12 and *.pfx files.

If any files with these extensions exist, this is a finding.

This does not apply to server-based applications that have a requirement for certificate files or Adobe PreFlight certificate files. Some applications create files with extensions of .p12 that are not certificate installation files. Removal of non-certificate installation files from systems is not required. These must be documented with the ISSO.

Fix Text: Remove any certificate installation files (*.p12 and *.pfx) found on a system.

This does not apply to server-based applications that have a requirement for certificate files, Adobe PreFlight certificate files, or non-certificate installation files with the same extension.
 

Cause


The Secure Domain Manager (SDM) component of the SpectroSERVER installs with an SSL certificate that is used to encrypt communications when connecting to a Secure Domain Connector (SDC). The installation places the certificate needed to perform the encryption in:

$SPECROOT/SDM/cert/

 

Environment

Release : 10.x

Component : Spectrum Core / SpectroSERVER

Resolution


If the Secure Domain Connectors are not being used, these certificate files can be removed and manually recreated at a later time. If the Secure Domain Connector(s) are being used, then these certificates are required to encrypt communications and should not be removed.
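
One way to run the scan's check and separate the SDM certificate from other hits, as an added example (not Broadcom's or the STIG's own code). The `$SpecRoot` parameter, the use of the `SPECROOT` environment variable as its default, and the disposition labels are assumptions; the script only reports and deletes nothing.

```powershell
# Added example: read-only inventory for the V-15823 check. Nothing is deleted.
# Assumption: $SpecRoot is the Spectrum install directory (SPECROOT).
param([string]$SpecRoot = $env:SPECROOT)

$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$pfx  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx

# Directory named in this article: $SPECROOT/SDM/cert/
$sdmCertDir = if ($SpecRoot) {
    (Join-Path ($SpecRoot -replace '/', '\') 'SDM\cert') + '\'
}

# "Search all drives": local fixed disks only (DriveType 3).
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Include *.p12, *.pfx -File -Recurse -Force `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        # The extension alone is not proof: ask Windows what the content is.
        try   { $isPkcs12 = $x509::GetCertContentType($_.FullName) -eq $pfx }
        catch { $isPkcs12 = $false }   # unreadable or unrecognized content

        $disposition = if (-not $isPkcs12) {
            'Not recognized as PKCS#12: document with ISSO'
        } elseif ($sdmCertDir -and $_.FullName.StartsWith(
                $sdmCertDir, [System.StringComparison]::OrdinalIgnoreCase)) {
            'SDM certificate: keep if SDC is in use'
        } else {
            'Certificate installation file: finding'
        }

        [pscustomobject]@{
            Disposition = $disposition
            Path        = $_.FullName
            LastWrite   = $_.LastWriteTime
        }
    }
}

$hits | Sort-Object Disposition, Path | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so protected directories are readable; files reported as not recognized may simply be locked and should be checked by hand before being documented.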

Additional Information

 

SDM - Create Certificates
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-2/managing-network/secure-domain-manager-sdm/installing-and-configuring-secure-domain-manager-processes/working-with-certificates/create-certificates.html

 
