Engines Port 7070 - Web Server Uses Plain Text Basic Authentication

Hello all,

Recently we have found that the Appian servers have the following vulnerability in the Engines using port 7070.

  • Web Server Uses Plain Text Basic Authentication. Vulnerability Result

GET / HTTP/1.0
Host: appian1.example.com:7070
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)

Performing a 401 HTTP action
Service Name: HTTP on TCP port 7070.
HTTP Service Accepting Basic Auth Credentials Detected

I have been checking the documentation, but there is no information about how to change the configuration to avoid using plain text authentication for the engines' communication.

Thanks a lot in advance,

Best regards,
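
What the scanner result quoted above amounts to, as an added example that is not part of the original post or of Appian's tooling: the finding fires when an unauthenticated request gets a 401 whose WWW-Authenticate challenge offers Basic on a connection without TLS, and Basic credentials are only base64-encoded. The sample response, realm and credentials are constructed for illustration, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample of a 401 reply like the one the scanner reports on port 7070.
SAMPLE_401 = (b"HTTP/1.0 401 Unauthorized\r\n"
              b'WWW-Authenticate: Basic realm="constructed"\r\n'
              b"Content-Length: 0\r\n\r\n")

def auth_schemes(raw_response):
    """Return (status_code, [lowercased challenge schemes]) from a raw HTTP response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    schemes = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        # Blank out quoted strings so commas inside a realm are not read as separators.
        value = re.sub(r'"(?:[^"\\]|\\.)*"', '""', value.strip())
        # A scheme is a token at the start or after a comma, not followed by '='.
        found = re.findall(r"(?:^|,)\s*([A-Za-z][\w-]*)(?=\s|,|$)", value)
        schemes.extend(s.lower() for s in found)
    return status, schemes

def plaintext_basic_finding(raw_response, tls):
    """True when the response reproduces the finding: 401 + Basic challenge, no TLS."""
    status, schemes = auth_schemes(raw_response)
    return status == 401 and "basic" in schemes and not tls

def decode_basic(authorization):
    """Recover (user, password) from an Authorization header value; no key is needed."""
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    print(auth_schemes(SAMPLE_401))
    print("finding over plain HTTP:", plaintext_basic_finding(SAMPLE_401, tls=False))
    print("finding behind TLS:", plaintext_basic_finding(SAMPLE_401, tls=True))
    header = "Basic " + base64.b64encode(b"constructed-user:constructed-pass").decode()
    print(decode_basic(header))
```

The same parser can be pointed at a captured response after a configuration change to confirm that the Basic challenge is no longer offered without TLS.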
