STIGQter: STIG Summary: IBM WebSphere Traditional V9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 23 Aug 2018:

The WebSphere Application Server secure LDAP (LDAPS) must be used for authentication.

DISA Rule

SV-96061r1_rule

Vulnerability Number

V-81347

Group Title

SRG-APP-000172-AS-000121

Rule Version

WBSP-AS-001200

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

In the administrative console, click Security >> Global security.

Under User account repository, click the "Available realm definitions" drop-down list.

Select Standalone LDAP registry.

Click "Configure".

Click "SSL enabled".

Click "OK".

On Global security panel, click "Set as current".

Click "Apply".

Click "Save".

To ensure an error-free operation for this step, you need to first extract to a file the Signer certificate of the LDAP and send that file to the WebSphere Application Server machine. You can then add the certificate to the trust store being defined for the LDAP. In this way, you are assured that the remaining actions for this step will be successful.

Check Contents

In the administrative console, click Security >> Global security.

Under "User account repository", click "Configure" for the "Standalone LDAP registry", on "Standalone LDAP registry" panel.

If the "SSL" flag is not enabled, this is a finding.

Vulnerability Number

V-81347

Documentable

False

Rule Version

WBSP-AS-001200

Severity Override Guidance

In the administrative console, click Security >> Global security.

Under "User account repository", click "Configure" for the "Standalone LDAP registry", on "Standalone LDAP registry" panel.

If the "SSL" flag is not enabled, this is a finding.

Check Content Reference

M

Target Key

3399

Comments