Hello all,
Recently we have found that the Appian servers has the following vulnerability in the Engines using the port 7070.
GET / HTTP/1.0 Host: appian1.example.com:7070 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322) Performing a 401 HTTP actionService Name: HTTP on TCP port 7070. HTTP Service Accepting Basic Auth Credentials Detected
I have been checking in the documentation, but there is no information about how to change the configuration to avoid using text plain authentication for the engines communication.
Thanks a lot in advance,
Best regards,
Discussion posts and replies are publicly visible
Did you report that to Appian? AFAIK, this is local, on same machine, communication only.
Hello Stefan,
Thanks for your message.
Indeed this is local, and our servers are not exposed and they are in an internal network, so it is not that critical, but we would like to have more information to be able to justify this behavior.
I have no access to support myself, but I make the request to open a support ticket.
Thanks again,