The application server must utilize encryption when using LDAP for authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35319 | SRG-APP-000172-AS-000121 | SV-46606r1_rule | High |
| Description |
|---|
| Passwords need to be protected at all times and encryption is the standard method for protecting passwords during transmission. App servers have the capability to utilize LDAP directories for authentication. If LDAP connections are not protected during transmission, sensitive authentication credentials can be stolen. When the AS utilizes LDAP, the LDAP traffic must be encrypted. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2013-01-08 |
Details
| Check Text ( C-43689r1_chk ) |
|---|
| Review AS documentation and configuration to determine if the AS enforces the requirement to encrypt LDAP traffic. If the AS is not configured to meet this requirement, this is a finding. |
| Fix Text (F-39865r1_fix) |
|---|
| Configure the AS to encrypt LDAP traffic. |