Security scan reporting that Symantec VIP application is sending passwords using clear text

Article ID: 374869

Products

VIP Service

Issue/Introduction

A system security scan reports that the VIP Enterprise Gateway (EGW) is authenticating using clear-text authentication. There is concern that this could pose a significant security risk.

Environment

VIP Enterprise Gateway

Resolution

The three ways the VIP Enterprise Gateway can be used for authentication are addressed here:

  1. RADIUS authentication using the PAP protocol - This is the method other applications use to perform 2FA authentications through Symantec VIP. In this method the passwords are encrypted using the RADIUS shared secret. This should only be done with local access or through a secure VPN.
  2. Local EGW service authentications (SSP/MyVIP, Manager IdP, or EGConsole) - These authentications can be encrypted with local SSL communication by following this documentation:
  3. The local LDAP connection between the VIP Enterprise Gateway and the Active Directory domain controller can also be set up with SSL certificate encryption:
    • VIP User Store configuration - Refer to the steps under the heading "If the LDAP server is configured with SSL and if you have selected the Enable SSL option, you must ensure the following"
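The following is an added example illustrating item 1; it is not part of this article or of the VIP Enterprise Gateway product code. It implements the User-Password hiding defined in RFC 2865 section 5.2, which is what RADIUS PAP uses: the password is padded to 16-byte blocks and each block is XORed with an MD5 digest of the shared secret and the previous block (the packet's Request Authenticator for the first block). This is why a scanner that recognises PAP over RADIUS reports clear-text authentication: the password is not sent in the clear, but its confidentiality rests entirely on the secrecy and strength of the shared secret, which is the reason the article restricts this method to local access or a secure VPN. The shared secret, password and authenticator values below are constructed for the demonstration.

```python
"""RFC 2865 section 5.2 User-Password hiding, as used by RADIUS PAP.

Added example, not VIP Enterprise Gateway code. All values are constructed.
"""
import hashlib
import secrets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, shared_secret: bytes,
                       request_authenticator: bytes) -> bytes:
    """Return the User-Password attribute value a RADIUS client sends.

    The clear-text password is padded with NULs to a multiple of 16 bytes.
    Each 16-byte block is XORed with MD5(shared_secret + previous block),
    where "previous block" for the first block is the 16-byte Request
    Authenticator carried in the same Access-Request packet.
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be exactly 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits the password to 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = bytearray()
    chain = request_authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(shared_secret + chain).digest()
        block = _xor(padded[i:i + 16], keystream)
        hidden += block
        chain = block  # the hidden block feeds the next MD5 input
    return bytes(hidden)


def reveal_user_password(hidden: bytes, shared_secret: bytes,
                         request_authenticator: bytes) -> bytes:
    """Inverse operation performed by the RADIUS server (here, the EGW)."""
    if len(hidden) == 0 or len(hidden) % 16 != 0:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be exactly 16 bytes")
    clear = bytearray()
    chain = request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(shared_secret + chain).digest()
        clear += _xor(block, keystream)
        chain = block
    # Strip the NUL padding; RFC 2865 passwords cannot end in NUL bytes.
    return bytes(clear).rstrip(b"\x00")


def new_request_authenticator() -> bytes:
    """16 unpredictable bytes, as RFC 2865 requires for an Access-Request."""
    return secrets.token_bytes(16)


if __name__ == "__main__":
    # Constructed sample values; a real deployment has its own shared secret.
    secret = b"example-shared-secret"
    authenticator = new_request_authenticator()
    password = b"correct horse battery staple"
    on_the_wire = hide_user_password(password, secret, authenticator)
    print("hidden User-Password :", on_the_wire.hex())
    print("recovered by server  :", reveal_user_password(on_the_wire, secret, authenticator))
    # Without the shared secret an observer learns only the padded length.
    print("wrong secret yields  :", reveal_user_password(on_the_wire, b"guess", authenticator))
```

Two properties of this scheme matter for the scan finding: the hidden value still reveals the password length rounded up to 16 bytes, and anyone holding the shared secret can recover every password on that RADIUS link, so the shared secret should be long and random and the traffic kept on a trusted network or VPN, as item 1 states.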