Customer reported that their vulnerability report shows that AA text credentials exposure.
The vulnerability is misconfiguration on LDAP which can expose credentials in clear text.
Cleartext passwords exposed using unencrypted LDAP authentications on port 389.
Release : CA Strong Authentication 9.1
The LDAP is running on encrypted version on port 636. Strong Authentication was connecting to LDAP on port 389 instead of 636.
The LDAP is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. To fix this vulnerability, follow the below steps:
With above setup you would be able to enable Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) in CA Strong Authentication 9.1