search cancel

Enable LDAP over SSL in CA Strong Authentication 9.1

book

Article ID: 257448

calendar_today

Updated On:

Products

CA Strong Authentication CA Advanced Authentication CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort) CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

Customer reported that their vulnerability report shows that AA text credentials exposure.

The vulnerability is misconfiguration on LDAP which can expose credentials in clear text.

Cleartext passwords exposed using unencrypted LDAP authentications on port 389.

Environment

Release : CA Strong Authentication 9.1

Cause

The LDAP is running on encrypted version on port 636. Strong Authentication was connecting to LDAP on port 389 instead of 636

Resolution

The LDAP is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. To fix this vulnerability, follow the below steps:

With above setup you would be able to enable Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) in CA Strong Authentication 9.1