Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Sun Ray server console administration sessions are not encrypted.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16145 | SUN0160 | SV-17134r1_rule | ECCT-1 ECCT-2 | Medium |
| Description |
|---|
| Unencrypted Sun Ray server console sessions do not protect the information transmitted from being read or viewed by anyone. Unencrypted sessions are vulnerable to a number of attacks to include man-in-the-middle attacks, TCP Hijacking, and replay. |
| STIG | Date |
|---|---|
| Sun Ray 4 STIG | 2015-04-02 |
Details
| Check Text ( C-17188r1_chk ) |
|---|
| Have the administrator log into the Sun Ray administrator console by typing the following: http://localhost:1660. If the session does not switch to https://localhost:1661 in the browser, this is a finding. |
| Fix Text (F-16250r1_fix) |
|---|
| Encrypt all Sun Ray server console sessions. |