
Web Server Uses Plain-Text Form Based Authentication vulnerability

Hello all,

I have been trying to figure out why this vulnerability shows up even after the traffic is set to route to HTTPS.

We have an internal page at jira.domain.com and it does redirect to https with a certificate from GoDaddy.

It looks like the Qualys scan is still picking up this vulnerability. 

I have read that the traffic between Apache and Tomcat is still not encrypted so is it possibly picking up on that?

I apologize if this is a newb question but I am not sure what I should be looking at if the traffic is already redirected http to https.

 

Thanks

1 answer

Any update on this question? We also use Qualys for Security scans.

THREAT: The Web server uses plain-text form based authentication. A web page exists on the target host which uses an HTML login form. This data is sent from the client to the server in plain-text.

IMPACT: An attacker with access to the network traffic to and from the target host may be able to obtain login credentials for other users by sniffing the network traffic.

SOLUTION: Please contact the vendor of the hardware/software for a possible fix for the issue. For custom applications, ensure that data sent via HTML login forms is encrypted before being sent from the client to the host.

COMPLIANCE: Not Applicable

EXPLOITABILITY: There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE: There is no malware information for this vulnerability.

Any update on this? We are seeing the same thing in Qualys reports.
