Enable LDAP over SSL in CA Strong Authentication?

Article ID: 257448

Products

- CA Strong Authentication
- CA Advanced Authentication
- CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort)
- CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

A customer's vulnerability report showed cleartext credential exposure in Advanced Authentication (AA).
The finding is an LDAP misconfiguration that exposes credentials in clear text: the product authenticates to the directory with unencrypted LDAP on port 389, so the bind passwords travel on the wire unprotected.

Environment

Release : CA Strong Authentication 9.1

CA Advanced Authentication

Cause

The LDAP directory accepts encrypted connections (LDAPS) on port 636, but Strong Authentication was configured to connect to it on the unencrypted port 389 instead of 636.

Resolution

By default, LDAP traffic is transmitted unencrypted. To fix this, follow the steps below.

An administrator can make LDAP traffic confidential by using SSL/Transport Layer Security (TLS) and enabling LDAP over SSL (LDAPS). This requires installing a properly formatted certificate on the directory server from either a Microsoft certification authority (CA) or a non-Microsoft CA, following the guidelines in the Microsoft article: Enable LDAP over SSL with a third-party certification authority

Once the directory accepts LDAPS, apply the following additional configuration so that the LDAP repository in Strong Authentication uses the encrypted port:

Additional Configurations to Support LDAP Repository in Strong Authentication

- Open the Strong Authentication Administration Console and log in as the Global Administrator.
- Under the Manage Organizations section, click the Create Organization link to display the Create Organization page.
- In the LDAP repository details section:
  - Specify port 636, the port on which the LDAP repository service listens for LDAPS.
  - Select the repository attributes that you want to encrypt when mapping the repository attributes.
  - Select Enable to activate the new organization.

With the above setup you will be able to enable Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) in CA Strong Authentication 9.1.
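To show why a scanner flags port 389 and what changes once the repository points at 636, here is an added example (not code from the article or from the product). It decodes a constructed LDAP simple BindRequest exactly as it appears on the wire over plain LDAP, and classifies observed connections by port; the bind DN, password and TLS bytes are all constructed sample values.

```python
# Added example: why an unencrypted LDAP bind on 389 leaks credentials.
# LDAP messages are BER-encoded (RFC 4511); on port 389 nothing hides the
# password field, on 636 the whole message sits inside a TLS record.

def ber(tag, payload):
    """Encode one BER TLV with short-form length (sample values stay < 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def build_simple_bind(msg_id, dn, password):
    """Constructed BindRequest: LDAPMessage { messageID, [APPLICATION 0] BindRequest }."""
    op = ber(0x02, bytes([3])) + ber(0x04, dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, op))

def ber_tlv(data, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos (short or long length)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def parse_simple_bind(packet):
    """Decode a simple BindRequest; return its fields, or None if it is not one."""
    try:
        tag, msg, _ = ber_tlv(packet, 0)
        if tag != 0x30:                    # not an LDAPMessage SEQUENCE (e.g. TLS bytes)
            return None
        _, msg_id, p = ber_tlv(msg, 0)     # messageID INTEGER
        tag, op, _ = ber_tlv(msg, p)       # protocolOp
        if tag != 0x60:                    # [APPLICATION 0] == BindRequest
            return None
        _, version, p = ber_tlv(op, 0)
        _, name, p = ber_tlv(op, p)
        auth_tag, cred, _ = ber_tlv(op, p)
        if auth_tag != 0x80:               # [0] simple == cleartext password
            return None
        return {"message_id": int.from_bytes(msg_id, "big"), "version": version[0],
                "bind_dn": name.decode(), "password": cred.decode()}
    except (IndexError, UnicodeDecodeError):
        return None

def review_observations(observations):
    """observations: list of (dst_port, raw_bytes). Report which carry a readable bind."""
    report = []
    for port, raw in observations:
        bind = parse_simple_bind(raw) if port == 389 else None
        report.append((port, "CLEARTEXT_BIND", bind["bind_dn"]) if bind
                      else (port, "NO_CLEARTEXT_BIND", None))
    return report
```

Running `review_observations` over one bind captured on 389 and one TLS record on 636 reports the DN from the first and nothing from the second, which is the difference the remediation above produces.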