An internal security scan reveals the following security vulnerability which needs to be remediated ASAP.
A Qualsys system scan on DX NetOps Performance Management Data Collector hosts running release 21.2.12 returned the following Vulnerability.
How can this be remediated?
|DNS||Tracking Method||OS||QID||Title||Vendor Reference||CVSS Base||CVSS Temporal||CVSS Environment||Solution||Results||Server Name||Application||Inventory.Contact||CVSS Merge||CVSS Qualitative||Final Merge||Lookup|
|DC_hostname||QAGENT||Red Hat Enterprise Linux Server 7.9||45242||Remote Management Service Accepting Unencrypted Credentials Detected(HTTP)||4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)||3.3 (E:U/RL:W/RC:UR)||Asset Group: FH_E42_INSCOPE_PCI, Collateral Damage Potential: Not Defined, Target Distribution: Not Defined, Confidentiality Requirement: Not Defined, Integrity Requirement: Not Defined, Availability Requirement: Not Defined||If possible, use alternate services that provide encryption.
Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission.
|Service Name: HTTP on TCP port 8681.
HTTP Service Accepting Basic Auth Credentials Detected#
|DC_hostname||CAPM (Network Performance Tool)||6.4||Medium||DC_hostname||DC_hostname|
All supported DX NetOps Performance Management releases
The Data Collector (DC) only provides a /debug http endpoint. One that regular users should not be accessing.
The /debug provides a link to the Apache Karaf web console which we do not have access to in order to add headers.
The /debug/dispatcher is CAPM debug module.
The only time we need to go into them is really to check if a bundle is running or restart it, which can also be done via web pages.
This would only be done at the request of support.
There are two options to address this concern.