Does the Support of Clear Text Authentication by AMQP Cause a Vulnerability in the Server?

Article ID: 287578

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Does the support of clear text authentication by AMQP cause a vulnerability in the EDR Server?

Environment

  • Carbon Black EDR Server: 6.2.3 and Higher

Resolution

No. AMQP clear text authentication is part of the RabbitMQ Management UI, which EDR users do not use. Even if a person had access to that interface, they would still need to authenticate with credentials.

Additional Information

  • Vulnerability scanners will flag the RabbitMQ port when it is reachable from outside the local server. It is recommended to allow only inbound access on port 443 to the server; in a clustered deployment, a few services also need to talk to each other. To see the recommended firewall rules, run this command on each node.
    sudo /usr/share/cb/cbcheck firewall -l
  • If you would like the EDR product to add the proper local firewall rules, set ManageFirewall=True in /etc/cb/cb.conf, then restart services. You can ask the product to apply the firewall rules using this command. 
    sudo /usr/share/cb/cbcheck firewall -a
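
To confirm what a scanner would see, the following added example (not part of the original article or the product) lists TCP listeners bound to non-loopback addresses on any port other than 443. It assumes Linux `ss -Hltn` output; the function names and the sample ports are constructed for illustration and are not EDR's actual port assignments.

```shell
#!/usr/bin/env bash
# Added example: flag TCP listeners bound off-loopback on ports other than 443.

# Constructed sample of `ss -Hltn` output (ports are illustrative only).
SAMPLE='LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5672 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 [::1]:6379 [::]:*'

# exposed_listeners: reads `ss -Hltn` lines on stdin and prints "addr port"
# for each listener that is not loopback-only and is not port 443.
exposed_listeners() {
  awk '
    {
      local_addr = $4                      # e.g. 0.0.0.0:5672 or [::]:443
      n = split(local_addr, parts, ":")
      port = parts[n]                      # text after the last colon
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next      # loopback only
      if (addr ~ /^\[::ffff:127\./) next                # IPv4-mapped loopback
      if (port == "443") next                           # expected inbound port
      print addr, port
    }' | sort -u
}

# audit: returns 0 when only 443 is bound off-loopback, 1 otherwise.
audit() {
  found=$(exposed_listeners)
  if [ -n "$found" ]; then
    printf 'Listeners bound off-loopback on ports other than 443:\n%s\n' "$found"
    return 1
  fi
  echo "Only port 443 is bound to non-loopback addresses."
}

# Demo on the constructed sample; on a live node use: ss -Hltn | audit
printf '%s\n' "$SAMPLE" | audit || true
```

A listener reported here may still be blocked by the host firewall, so compare the result with the rules shown by `cbcheck firewall -l`; on a clustered node some additional listeners are expected.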