EDR: Does the Support of Clear Text Authentication by AMQP Cause a Vulnerability in the Server?

Article ID: 287578

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Does the support of clear text authentication by AMQP cause a vulnerability in the EDR Server?

Environment

  • EDR Server: 6.2.3 and Higher

Resolution

No. AMQP clear text authentication is present within the RabbitMQ Management UI, but it is not used by users in EDR. Additionally, the ManageFirewall setting, which is present in v6.2.3 and higher, helps secure the port that RabbitMQ is listening on. Even if a person had access to the interface, credential authentication would still be required.

Additional Information

EDR Servers running a version lower than 6.2.3 use ManageIptables instead of ManageFirewall.