The Sun Ray server console administration sessions are not encrypted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16145 | SUN0160 | SV-17134r1_rule | ECCT-1 ECCT-2 | Medium |
| Description |
|---|
| Unencrypted Sun Ray server console sessions do not protect the information transmitted from being read or viewed by anyone. Unencrypted sessions are vulnerable to a number of attacks to include man-in-the-middle attacks, TCP Hijacking, and replay. |
| STIG | Date |
|---|---|
| Sun Ray 4 STIG | 2015-04-02 |
Details
| Check Text ( C-17188r1_chk ) |
|---|
| Have the administrator log into the Sun Ray administrator console by typing the following: http://localhost:1660. If the session does not switch to https://localhost:1661 in the browser, this is a finding. |
| Fix Text (F-16250r1_fix) |
|---|
| Encrypt all Sun Ray server console sessions. |