MariaDB MaxScale / MXS-2522

Nessus security scan on MaxScale node shows vulnerability on maxctrl 8989 port

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a Bug
    • Environment: CentOS 7.6

    Description

      34850 (1) - Web Server Uses Basic Authentication Without HTTPS -
      Synopsis
      The remote web server seems to transmit credentials in cleartext.
      Description
      The remote web server contains web pages that are protected by 'Basic'
      authentication over cleartext.

      An attacker eavesdropping the traffic might obtain logins and passwords of valid users.
      Solution
      Make sure that HTTP authentication is transmitted over HTTPS.
      Risk Factor
      Low
      CVSS Base Score
      2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
      References
      XREF CWE:319
      XREF CWE:928
      XREF CWE:930
      XREF CWE:934
      Plugin Information:
      Published: 2008/11/21, Modified: 2016/11/29
      Plugin Output
      10.76.65.215 (tcp/8989)

      The following web pages use Basic Authentication over an unencrypted
      channel :

      /:/ realm="maxscale"

          People

            Assignee: Unassigned
            Reporter: Richard Lane (rvlane)