000032690 - Access to RSA Authentication Manager 8.1 over port 1812/TCP from a browser is requesting credentials

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 3

Article Content

Article Number: 000032690
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Issue
1.  Accessing the RSA Authentication Manager 8.1 server from a web browser over port 1812, for example https://<Authentication_Manager_server IP>:1812/abc, prompts for login credentials in a browser pop-up window.
2.  The screenshots below show the output from different browsers when attempting to access the Authentication Manager 8.1 server from a web browser over port 1812:

Chrome
[screenshot: browser credential prompt]

Internet Explorer
[screenshot: browser credential prompt]

Firefox
[screenshot: browser credential prompt]

3.  Authentication with any username and password fails.
4.  Running tcpdump on the Authentication Manager 8.1 server while https://<Authentication_Manager_server IP>:1812/abc is accessed from a web browser shows the packet exchange between the browser and the server.
5.  A vulnerability scan of the server reports a policy violation named "Web Server Uses Plain Text Basic Authentication" for this port; the credential pop-up is the browser's reaction to the HTTP Basic authentication challenge that the scanner detects.
6.  The Steel-Belted RADIUS (SBR) screen states that the access attempt has been logged, but it is not clear how or where it is logged.

Cause
The Authentication Manager 8.1 server is being accessed from a web browser over port 1812 (https://<Authentication_Manager_server IP>:1812/abc), a port that is not a web interface and is not intended for browser or administrator access.
Resolution
1.  The RSA Authentication Manager 8.1 Setup and Configuration Guide, Revision 3 lists 1812/TCP as the RADIUS replication port.
2.  This port is used only for communication between the primary RADIUS server and any replica RADIUS servers.
3.  Blocking this port entirely will prevent communication between primary and replica systems, which will cause replication to fail and will impact Authentication Manager administrative operations such as backup and restore, replica promotion, and attaching replicas.
4.  Public access to this port, or even access by administrators, is not needed. Access is only required between primary and replica Authentication Manager systems, so the scan finding is addressed by restricting the port at the network firewall to those systems rather than by blocking it outright.
5.  Browser connections to this port are NOT licensed. Historically this listener served the Steel-Belted RADIUS administration console, which is not a feature licensed for use with RSA Authentication Manager, and the console itself is not included.
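The following script is an added example (not RSA code and not part of this article) for checking that the restriction in step 4 is in place: run from a replica it should report the port reachable, and run from any other host it should report the port unreachable. If a non-peer host can still connect, the script issues one unauthenticated GET and reports the HTTP Basic challenge that produces the browser pop-up and the scanner finding. Host names, the example path /abc and the local stub listener are assumptions; the stub only mimics the 401 response seen in the screenshots so the script can be exercised offline.

```python
"""Verify that 1812/TCP on an Authentication Manager 8.1 host is reachable only
from its primary/replica peers, and recognise the HTTP Basic challenge that a
browser or scanner sees when it is not.  Added example, not RSA code; host
names are assumptions.  Run it once from a replica (is_peer=True) and once
from an ordinary workstation (is_peer=False)."""
import http.client
import http.server
import socket
import ssl
import threading

RADIUS_REPLICATION_PORT = 1812  # RADIUS replication port per the AM 8.1 guide


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unroutable
        return False


def basic_auth_challenge(headers):
    """Return the Basic challenge parameters (e.g. 'realm="..."') or None.

    headers is an iterable of (name, value) pairs.  A WWW-Authenticate header
    with scheme Basic is what makes the browser pop up a credential dialog and
    what the finding "Web Server Uses Plain Text Basic Authentication" keys on.
    """
    for name, value in headers:
        if name.lower() == "www-authenticate":
            scheme, _, params = value.strip().partition(" ")
            if scheme.lower() == "basic":
                return params.strip()
    return None


def fetch_challenge(host, port, path="/abc", use_tls=True, timeout=3.0):
    """Send one unauthenticated GET and return (status, challenge-or-None).

    Certificate verification is disabled on purpose: the appliance presents
    an internal certificate and only the response headers matter here.
    """
    if use_tls:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, basic_auth_challenge(resp.getheaders())
    finally:
        conn.close()


def audit(host, port=RADIUS_REPLICATION_PORT, is_peer=False, use_tls=True):
    """Verdict from the vantage point this script runs on."""
    if not tcp_reachable(host, port):
        if is_peer:
            return "broken: replication peer cannot reach the port"
        return "ok: port not reachable from a non-peer host"
    if is_peer:
        return "ok: replication peer can reach the port"
    status, challenge = fetch_challenge(host, port, use_tls=use_tls)
    if status == 401 and challenge is not None:
        return "finding: non-peer host gets an HTTP Basic challenge (%s)" % challenge
    return "finding: port reachable from a non-peer host (HTTP %d)" % status


class _StubHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the 1812/TCP listener: every request is
    answered 401 with a Basic challenge, as the browser screenshots show."""

    def do_GET(self):
        self.send_response(401)
        self.send_header("WWW-Authenticate", 'Basic realm="RADIUS"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Audit the local stub over plain HTTP and return the verdicts for a
    non-peer, a peer, and the same port once the listener is gone."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _StubHandler)
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        non_peer = audit("127.0.0.1", port, is_peer=False, use_tls=False)
        peer = audit("127.0.0.1", port, is_peer=True, use_tls=False)
    finally:
        srv.shutdown()
        srv.server_close()
    closed = audit("127.0.0.1", port, is_peer=False, use_tls=False)
    return non_peer, peer, closed


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Against a real appliance, call audit("<Authentication_Manager_server IP>") with the default TLS setting; only a "finding:" verdict from a non-peer host means the firewall restriction in step 4 is missing, while a "broken:" verdict from a replica means the restriction is too tight and replication will fail as described in step 3.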
