000015761 - Possible Security Vulnerability in AM 7.1 - Directory Indexing enabled on SBR Port 1812

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000015761
Applies To: RSA Authentication Manager 7.1 SP4
Issue: How to mitigate a possible security vulnerability discovered by penetration testing on AM 7.1 SP4. The reported finding was Directory Indexing enabled on RADIUS port 1812.
Cause: Directory Indexing has been enabled on RADIUS port 1812. This is classified as a security hole under the assumption that an attacker may be able to access sensitive information or view the contents of files that should be restricted. Using this weakness and the information it divulges, an attacker may be able to formulate more efficient attacks against the system or application.
Resolution: The files available in the directory index at TCP 1812/sbr and below are the files associated with this unused and unlicensed console (which is a normal part of the full Juniper SBR offering).

There is no security risk for the files shown in the directory index. These are public components of the SBR product from Juniper Networks and do not include any user or customer data - or any custom data unique to the instance.

While there is no risk to the access of the files or this interface, this weakness can be mitigated:

First, you should know that ports 1812/TCP and 1813/TCP are not ports that should be open to the public. Since the third-party SBR administration console is not used, even administrators DO NOT need access to these ports. While TCP 1812 is not used for the SBR console, it is still required for RADIUS administration and replication between AM and RADIUS servers. The firewall should be configured to allow access to 1812/TCP and 1813/TCP only between the AM server systems. (Note that these ports should not be confused with the standard RADIUS ports 1812/UDP and 1813/UDP, which are used for authentication and accounting and so must be open to the RADIUS client NAS devices.)

To remove the directory indexing issue:

  • Go to the RSA_AM_HOME directory and then to radius or radius\Service depending upon your platform.
  • Look for a sub-directory: website or Website
  • In this website directory you will find a sub-directory sbr. This is the directory which is being viewed in the browser directory index.
  • Move this sbr directory out of the website directory or else delete it. The website directory should be empty.
  • This will prevent the directory indexing.
  • Unrelated to directory indexing, there will still be authentication requests for various URLs on this port. These are associated with the replication and administration connections between the AM systems (the firewall should be adjusted to allow these connections between AM systems but not from other systems).
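The two mitigations above (restricting TCP 1812/1813 to the AM peers while leaving UDP 1812/1813 open to NAS devices, and moving the sbr directory out of the website directory) can be scripted and verified. The following POSIX shell script is an added example and is not RSA or Juniper code; it assumes RSA_AM_HOME is passed as the first argument to the helper functions, the AM peer addresses in AM_PEERS are constructed placeholders you replace with your own, and the firewall is iptables. The firewall rules are printed for review rather than applied, and the sbr directory is quarantined rather than deleted so it can be restored if replication or administration behaviour changes unexpectedly.

```shell
#!/bin/sh
# Added example, not part of the RSA article. Placeholder AM peers (constructed);
# replace with the real addresses of the other AM/RADIUS servers.
AM_PEERS="${AM_PEERS:-192.0.2.10 192.0.2.11}"

# Print (do not apply) iptables rules that allow TCP 1812/1813 only from the
# AM peers, drop all other TCP access to those ports, and keep the standard
# RADIUS UDP 1812/1813 ports open to NAS devices.
radius_firewall_rules() {
  for peer in $AM_PEERS; do
    printf 'iptables -A INPUT -p tcp -s %s -m multiport --dports 1812,1813 -j ACCEPT\n' "$peer"
  done
  printf 'iptables -A INPUT -p tcp -m multiport --dports 1812,1813 -j DROP\n'
  printf 'iptables -A INPUT -p udp -m multiport --dports 1812,1813 -j ACCEPT\n'
}

# Locate the SBR website directory under RSA_AM_HOME ($1). The article says it
# is under radius or radius/Service and may be spelled website or Website.
# Prints the path and returns 0 if found, 1 otherwise.
find_website_dir() {
  for d in "$1/radius/website" "$1/radius/Website" \
           "$1/radius/Service/website" "$1/radius/Service/Website"; do
    if [ -d "$d" ]; then
      printf '%s\n' "$d"
      return 0
    fi
  done
  return 1
}

# Move the sbr sub-directory out of the website directory ($1) into a
# quarantine directory ($2). Returns 1 if there is no sbr directory to move.
quarantine_sbr() {
  website="$1"
  quarantine="$2"
  [ -d "$website/sbr" ] || return 1
  mkdir -p "$quarantine"
  mv "$website/sbr" "$quarantine/sbr"
}

# Verification step: the website directory must exist and be empty, which is
# what removes the browsable directory index.
website_is_empty() {
  [ -d "$1" ] || return 1
  [ -z "$(ls -A "$1")" ]
}

# Usage (uncomment to run against a real installation):
# site=$(find_website_dir "$RSA_AM_HOME") || { echo "website dir not found"; exit 1; }
# quarantine_sbr "$site" "$RSA_AM_HOME/sbr_quarantine"
# website_is_empty "$site" && echo "directory index removed"
# radius_firewall_rules
```

Run `radius_firewall_rules` first and review the output before applying it; the order matters, since the peer ACCEPT rules must precede the DROP rule. After quarantining, re-run the penetration test against TCP 1812 from a host that is not an AM peer to confirm that neither the directory index nor the port itself is reachable.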

Legacy Article ID: a62293