- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Knowledge Base
- :
- QID-86728 security vulnerability for FNP webserver
- Mark as New
- Mark as Read
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
QID-86728 security vulnerability for FNP webserver
QID-86728 security vulnerability for FNP webserver
Summary
After installing FlexNet Publisher (FNP) using the lmadmin installer and conducting a security scan, vulnerability QID-86728 - Web Server Uses Plain-Text Form Based Authentication is being flagged
What is QID-86728 :- Web Server Uses Plain-Text Form-Based Authentication vulnerability
The vulnerability indicates that data is being transmitted over an unencrypted port, such as port 80. The solution is to switch the communication port to HTTPS for secure transmission.
Recommendation
We recommend the license administrator configure the web server in secure mode based on their requirements. This can be done by selecting the checkboxes for "Enable HTTPS" and "Redirect Non-Secure Web Access to Secure Web Access" in the lmadmin web UI.
To do this, navigate to Administration > Server Configuration > Secure Web Server Configuration, then click Save to apply the changes.
Further, the admin can recommend the lmadmin web users connect over HTTPS only by specifying the URL like "https://<lmadminHost>:<lmadminHttpsPort> . The HTTPS port can be chosen as per the license administrator’s convenience.