QualysGuard Enterprise Suite security scanner identifies Veritas Operations Manager (VOM) components

Article:TECH184796  |  Created: 2012-03-26  |  Updated: 2014-04-09  |  Article URL http://www.symantec.com/docs/TECH184796
Article Type
Technical Solution

Issue

BACKGROUND

QualysGuard Enterprise Suite is a widely used security scanning product.

ISSUE

QualysGuard Enterprise Suite flags VOM components, implying that VOM is not secure.

VOM is engineered as a secure product.


Error

Excerpt of the QualysGuard Enterprise Suite report pertaining to VOM:

Port 5643/tcp over SSL
SSL Certificate - Self-Signed Certificate

QID: 38169

Category: General Remote services

THREAT:

An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.

The client can trust that the Server Certificate belongs to the server only if it is signed by a mutually trusted third-party Certificate Authority (CA). Self-signed certificates are created generally for testing purposes or to avoid paying third-party CAs. These should not be used on any production or critical servers.

By exploiting this vulnerability, an attacker can impersonate the server by presenting a fake self-signed certificate. If the client knows that the server does not have a trusted certificate, it will accept this spoofed certificate and communicate with the remote server.

IMPACT:

By exploiting this vulnerability, an attacker can launch a man-in-the-middle attack.

SOLUTION:

Please install a server certificate signed by a trusted third-party Certificate Authority.

(Symantec note: please see the Symantec Solution regarding the certificate)

COMPLIANCE:

Not applicable

EXPLOITABILITY:

There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:

There is no malware information for this vulnerability.

RESULTS:

Certificate #0 O=localhost, OU=NT_AUTHORITY, CN=SYSTEM is a self-signed certificate.


Environment

VOM 4.1, 5.0 and 6.0

Cause

QualysGuard Enterprise Suite does not take the VOM design into account, so it reports the product's self-signed certificate as a generic finding.


Solution

Please consider the following points regarding the use of the VOM product.

1)  While the QualysGuard Enterprise Suite report suggests purchasing or generating a certificate, this is not necessary and cannot be implemented in the current structure of the product. Also see the next point.

2)  A 128-bit self-signed certificate is used. While this certificate is not issued by a known public authority, it is generated by a Symantec product during configuration and can be trusted.

3)  VOM uses HTTPS on port 5634 to communicate between hosts in the VOM domain. Each host (the Central Server and every Managed Host) runs an xprtld process, a lightweight web server that uses HTTPS on this port for host-to-host communication.
