|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
|Issue||1. Accessing the RSA Authentication Manager 8.1 server from a web browser over port 1812, for example https://<Authentication_Manager_server IP>:1812/abc, prompts for login authentication in a browser pop-up window.|
2. The screenshots below show the output from different browsers when attempting to access the Authentication Manager 8.1 server from a web browser over port 1812.
3. Authentication with any username and password fails.
4. Running tcpdump on the Authentication Manager 8.1 server while accessing https://<Authentication_Manager_server IP>:1812/abc from a web browser shows the packet exchange.
5. The vulnerability scan report identifies the policy violation as "Web Server Uses Plain Text Basic Authentication".
6. The SBR screen says that the access attempt has been logged, but it is not clear how and where it is being logged.
|Cause||Accessing the Authentication Manager 8.1 server from a web browser over port 1812 using https://<Authentication_Manager_server IP>:1812/abc|
|Resolution||1. The RSA Authentication Manager 8.1 Setup and Configuration Guide, Revision 3 says 1812/TCP is the RADIUS replication port.|
2. This port is used only for communication between the primary RADIUS server and any replica RADIUS servers.
3. Blocking this port will prevent communication between primary and replica systems, which will cause replication to fail and will impact Authentication Manager administrative operations such as backup/restore, replica promotion, attaching replicas, etc.
4. Public access to these ports, or even access by administrators, is not needed. Access to these ports is only required between primary and replica Authentication Manager systems.
5. Browser connections to this port are NOT licensed. Historically, this connection was used by the Steel-Belted RADIUS administration console, which is not a feature licensed by RSA for use with Authentication Manager, and the console itself is not included.
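The resolution above comes down to one condition: 1812/TCP must stay reachable from the replica RADIUS servers and from nothing else, and it must not be blocked outright, since that breaks replication. The Python script below is an added example (not RSA's code and not part of Authentication Manager) that audits an exported host-firewall ruleset for exactly that condition. It assumes a Linux host firewall managed with iptables (the article does not describe the appliance firewall), constructed placeholder replica addresses in 192.0.2.0/24, and a constructed `iptables-save` sample; it also flags the ordering mistake of placing the catch-all DROP before the per-replica ACCEPTs, which would silently cut off replication.

```python
import re

# Constructed placeholder addresses for the replica RADIUS servers
# (assumption for this example, not values from the article).
REPLICA_IPS = ["192.0.2.11", "192.0.2.12"]

# Constructed sample in iptables-save syntax, standing in for what an
# administrator might export from the primary's host firewall.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 1812 -j ACCEPT
-A INPUT -s 192.0.2.12/32 -p tcp -m tcp --dport 1812 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1812 -j DROP
COMMIT
"""

# Matches the subset of INPUT rules this audit cares about: an optional
# source, TCP, a single --dport and a plain target.
RULE_RE = re.compile(
    r"^-A INPUT(?: -s (?P<src>\S+))? -p tcp(?: -m tcp)? --dport (?P<port>\d+) -j (?P<target>\w+)$"
)


def generate_rules(port, allowed_sources):
    """Emit iptables-save style rules allowing `port`/TCP only from `allowed_sources`.

    The per-host ACCEPTs come first and the catch-all DROP last; iptables is
    first-match, so the reverse order would drop replication traffic too.
    """
    rules = [
        f"-A INPUT -s {ip}/32 -p tcp -m tcp --dport {port} -j ACCEPT"
        for ip in allowed_sources
    ]
    rules.append(f"-A INPUT -p tcp -m tcp --dport {port} -j DROP")
    return rules


def audit_port(rules_text, port, allowed_sources):
    """Report how `port`/TCP is exposed by the INPUT chain in `rules_text`.

    Walks the rules in order: an ACCEPT for an allowed host that appears after
    a catch-all DROP/REJECT is reported as shadowed, not effective.
    """
    effective_allow = []
    shadowed = []
    unexpected_accepts = []
    default_blocked = False
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or int(m["port"]) != port:
            continue
        src, target = m["src"], m["target"]
        src_ip = src.split("/")[0] if src else None
        # Only a single-host source (bare IP or /32) for a listed replica counts as allowed.
        is_allowed_host = (
            src is not None
            and src_ip in allowed_sources
            and src in (src_ip, src_ip + "/32")
        )
        if target == "ACCEPT":
            if is_allowed_host:
                (shadowed if default_blocked else effective_allow).append(src_ip)
            else:
                unexpected_accepts.append(src or "any")
        elif target in ("DROP", "REJECT") and src is None:
            default_blocked = True
    missing = [ip for ip in allowed_sources if ip not in effective_allow]
    return {
        "missing_replicas": missing,      # replicas that would lose replication
        "shadowed_accepts": shadowed,     # ACCEPTs placed after the catch-all block
        "unexpected_accepts": unexpected_accepts,  # exposure beyond the replicas
        "default_blocked": default_blocked,
        "ok": not missing and not unexpected_accepts and default_blocked,
    }


if __name__ == "__main__":
    print(audit_port(SAMPLE_RULES, 1812, REPLICA_IPS))
    print("\n".join(generate_rules(1812, REPLICA_IPS)))
```

The `ok` verdict requires all three things the article implies: every replica has an effective ACCEPT, nothing else is accepted, and a catch-all DROP or REJECT exists. A ruleset that blocks 1812/TCP entirely fails on `missing_replicas`, matching the warning in step 3 that blocking the port breaks replication, backup/restore and replica promotion.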