DX NetOps Spectrum OneClick - Web Server Uses Plain-Text Form Based Authentication vulnerability
search cancel

DX NetOps Spectrum OneClick - Web Server Uses Plain-Text Form Based Authentication vulnerability

book

Article ID: 233048

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

Vulnerability description - Web Server Uses Plain-Text Form Based Authentication

The below vulnerability was detected following the NetOps upgrade from version 20.2.7 to 21.2.6.  Please advise if there are any actions that can be taken to safely remediate this vulnerability or if any additional information is needed from our end.

 

Scan results - below results produced from the scan

-----------------------------------------------

GET /axis2/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8080\n\n&lt;form class=&quot;form-signin&quot; method=&quot;POST&quot; action=&quot;j_security_check&quot;&gt;\n&lt;h1 style=&quot;padding: 5 0 10 0;&quot; class=&quot;h3 mb-3 font-weight-normal&quot;&gt;Log In&lt;/h1&gt;\n&lt;div&gt;\n\n&lt;label for=&quot;username&quot; class=&quot;sr-only&quot;&gt;Username&lt;/label&gt;\n&lt;p style=&quot;font-size: 13px; margin-bottom: 4px;&quot;&gt;Username&lt;/p&gt;\n&lt;input  type=&quot;username&quot; name=&quot;j_username&quot; id=&quot;username&quot; class=&quot;form-control&quot; required autofocus&gt;\n&lt;/div&gt;\n&lt;label for=&quot;inputPassword&quot; class=&quot;sr-only&quot;&gt;Password&lt;/label&gt;\n&lt;p style=&quot;font-size: 13px; margin-top: 25px; margin-bottom: 4px;&quot;&gt;Password&lt;/p&gt;\n&lt;input style=&quot;margin-top: 0px;&quot; type=&quot;password&quot; name=&quot;j_password&quot; id=&quot;inputPassword&quot; class=&quot;form-control&quot; required&gt;\n&lt;div style=&quot;padding: 30 0 15 0;&quot; class=&quot;row justify-content-end&quot;&gt;\n&lt;div style=&quot;max-width: 150px;&quot; class=&quot;col &quot;&gt;\n&lt;button id=&quot;login&quot; class=&quot;btn btn-sm btn-primary btn-block&quot; type=&quot;submit&quot;&gt;&lt;span style=&quot;font-size: 13px; font-weight: 500;&quot;&gt;LOG IN&lt;/span&gt;&lt;/button&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;/form&gt;\n\n\n\nget /axis2/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8080\n\nGET /axis2/phpinfo.php HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8080\n\nPOST /axis2/axis2-admin/login HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8080\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 44\n\nuserName=admin&amp;password=axis2&amp;submit=+Login+GET /spectrum/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8080\n\nget /spectrum/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8080

GET /axis2/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8443\n\n&lt;form class=&quot;form-signin&quot; method=&quot;POST&quot; action=&quot;j_security_check&quot;&gt;\n&lt;h1 style=&quot;padding: 5 0 10 0;&quot; class=&quot;h3 mb-3 font-weight-normal&quot;&gt;Log In&lt;/h1&gt;\n&lt;div&gt;\n\n&lt;label for=&quot;username&quot; class=&quot;sr-only&quot;&gt;Username&lt;/label&gt;\n&lt;p style=&quot;font-size: 13px; margin-bottom: 4px;&quot;&gt;Username&lt;/p&gt;\n&lt;input  type=&quot;username&quot; name=&quot;j_username&quot; id=&quot;username&quot; class=&quot;form-control&quot; required autofocus&gt;\n&lt;/div&gt;\n&lt;label for=&quot;inputPassword&quot; class=&quot;sr-only&quot;&gt;Password&lt;/label&gt;\n&lt;p style=&quot;font-size: 13px; margin-top: 25px; margin-bottom: 4px;&quot;&gt;Password&lt;/p&gt;\n&lt;input style=&quot;margin-top: 0px;&quot; type=&quot;password&quot; name=&quot;j_password&quot; id=&quot;inputPassword&quot; class=&quot;form-control&quot; required&gt;\n&lt;div style=&quot;padding: 30 0 15 0;&quot; class=&quot;row justify-content-end&quot;&gt;\n&lt;div style=&quot;max-width: 150px;&quot; class=&quot;col &quot;&gt;\n&lt;button id=&quot;login&quot; class=&quot;btn btn-sm btn-primary btn-block&quot; type=&quot;submit&quot;&gt;&lt;span style=&quot;font-size: 13px; font-weight: 500;&quot;&gt;LOG IN&lt;/span&gt;&lt;/button&gt;\n&lt;/div&gt;\n&lt;/div&gt;\n&lt;/form&gt;\n\n\n\nget /axis2/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8443\n\nGET /axis2/phpinfo.php HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8443\n\nPOST /axis2/axis2-admin/login HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8443\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 44\n\nuserName=admin&amp;password=axis2&amp;submit=+Login+GET /spectrum/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8443\n\nget /spectrum/ HTTP/1.0\nHost: <spectrum_oneclick_server_name>:8443

-----------------------------------------------

 

Environment

Release : 21.2

Component : Spectrum OneClick

Resolution

This issue typically occur when http connector in server.xml is enabled although https connector is used in the environment. 

 

Below is from  $SPECROOT/tomcat/conf/server.xml:

---------------------------------------------------

    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100"
 connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"></Connector>

 

Comment out the above http connector in server.xml and then recycle tomcat.

Powered by Wolken Software