Many of our DevTest servers have been flagged as having a security vulnerability with the Lisa certificate. Because the Lisa (default) certificate is self-signed, this gets flagged on our DevTest servers.
Here are the vulnerability details:
| Vulnerability Path/Results | Source Reference ID | Port | Server Name | Notes |
|---|---|---|---|---|
| Certificate 0 CN=Lisa,OU=Lisa,O=Lisa,L=Dallas,ST=Texas,C=US,[email protected] self signed certificate | | 51111 | PE Registry server | |
| Certificate 0 CN=Lisa,OU=Lisa,O=Lisa,L=Dallas,ST=Texas,C=US,[email protected] self signed certificate | | 1505 | SV Portal VSE server | |
| Certificate 0 CN=Lisa,OU=Lisa,O=Lisa,L=Dallas,ST=Texas,C=US,[email protected] is a self signed certificate. | | 1507 | | |
DEVTEST 10.7.2
N/A
You may remove webreckeys.ks and any reference to it in the properties files, and use your own certificates wherever the default certificates are used.
This includes:
iam.properties
dradis.properties
local.properties
phoenix.properties
site.properties
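To confirm the cleanup is complete, the following added example (not part of the original article or of DevTest itself) scans an installation directory for the five properties files listed above and reports any active line that still references webreckeys.ks, plus any copy of the keystore file still on disk. The installation directory argument is an assumption; lines starting with `#` or `!` are skipped because they are comments in Java properties files.

```python
"""Audit a DevTest install for leftover references to the default keystore."""
import sys
from pathlib import Path

DEFAULT_KEYSTORE = "webreckeys.ks"   # default keystore named in the article
PROPERTIES_FILES = [                 # properties files listed in the article
    "iam.properties",
    "dradis.properties",
    "local.properties",
    "phoenix.properties",
    "site.properties",
]


def find_default_keystore_refs(install_dir):
    """Return (findings, keystores) for the given directory tree.

    findings:  (relative file, line number, line) for every non-comment
               line that still mentions the default keystore.
    keystores: relative paths of webreckeys.ks files still present.
    """
    root = Path(install_dir)
    findings = []
    for name in PROPERTIES_FILES:
        for path in sorted(root.rglob(name)):
            # latin-1 never fails to decode, so odd bytes cannot abort the scan
            text = path.read_text(encoding="latin-1")
            for lineno, line in enumerate(text.splitlines(), start=1):
                stripped = line.strip()
                if not stripped or stripped[0] in "#!":
                    continue  # blank line or properties-file comment
                if DEFAULT_KEYSTORE in stripped.lower():
                    rel = str(path.relative_to(root))
                    findings.append((rel, lineno, stripped))
    keystores = sorted(
        str(p.relative_to(root)) for p in root.rglob(DEFAULT_KEYSTORE)
    )
    return findings, keystores


if __name__ == "__main__":
    # The install directory is supplied by the operator (assumption).
    refs, stores = find_default_keystore_refs(
        sys.argv[1] if len(sys.argv) > 1 else "."
    )
    for rel, lineno, line in refs:
        print(f"{rel}:{lineno}: {line}")
    for rel in stores:
        print(f"keystore still present: {rel}")
    sys.exit(1 if refs or stores else 0)
```

A non-zero exit status means at least one reference or keystore file remains, which makes the script usable as a gate in a hardening checklist.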
We know that the vulnerabilities will be remediated with 10.8.0. However, we have no further remediation steps for 10.7.2.