Enable LDAP over SSL in CA Strong Authentication 9.1
search cancel

Enable LDAP over SSL in CA Strong Authentication 9.1


Article ID: 257448


Updated On:


CA Strong Authentication CA Advanced Authentication CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort) CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)


Customer reported that their vulnerability report shows that AA text credentials exposure.

The vulnerability is misconfiguration on LDAP which can expose credentials in clear text.

Cleartext passwords exposed using unencrypted LDAP authentications on port 389.


Release : CA Strong Authentication 9.1


The LDAP is running on encrypted version on port 636. Strong Authentication was connecting to LDAP on port 389 instead of 636


The LDAP is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. To fix this vulnerability, follow the below steps:

With above setup you would be able to enable Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) in CA Strong Authentication 9.1