STIGQter: STIG Summary: Apache Tomcat Application Sever 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Default password for keystore must be changed.

DISA Rule

SV-222931r615938_rule

Vulnerability Number

V-222931

Group Title

SRG-APP-000033-AS-000024

Rule Version

TCAT-AS-000060

Severity

CAT I

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.
• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user, run the following command:

sudo keytool -storepasswd

When prompted for the keystore password, select a strong password, minimum 10 characters, mixed case alpha-numeric.

Document the password and store in a secured location that is only accessible to authorized personnel.

Check Contents

From the Tomcat server console, run the following command to check the keystore:

sudo keytool -list -v

When prompted for the keystore password type "changeit" sans quotes.

If the contents of the keystore are displayed, this is a finding.

Vulnerability Number

V-222931

Documentable

False

Rule Version

TCAT-AS-000060

Severity Override Guidance

From the Tomcat server console, run the following command to check the keystore:

sudo keytool -list -v

When prompted for the keystore password type "changeit" sans quotes.

If the contents of the keystore are displayed, this is a finding.

Check Content Reference

M

Target Key

4094

Comments