Summary

After installing FlexNet Publisher (FNP) using the lmadmin installer and conducting a security scan, vulnerability QID-86728 - Web Server Uses Plain-Text Form Based Authentication is being flagged

 What is QID-86728 :- Web Server Uses Plain-Text Form-Based Authentication vulnerability

The vulnerability indicates that data is being transmitted over an unencrypted port, such as port 80. The solution is to switch the communication port to HTTPS for secure transmission.

Recommendation

We recommend the license administrator configure the web server in secure mode based on their requirements. This can be done by selecting the checkboxes for "Enable HTTPS" and "Redirect Non-Secure Web Access to Secure Web Access" in the lmadmin web UI.

To do this, navigate to Administration > Server Configuration > Secure Web Server Configuration, then click Save to apply the changes.

Further, the admin can recommend the lmadmin web users connect over HTTPS only by specifying the URL  like "https://<lmadminHost>:<lmadminHttpsPort> . The HTTPS port can be chosen as per the license administrator’s convenience.