000014909 - Connecting to the RSA RADIUS Server using https://(name or IP):1813 seems to allow login to a blank page

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000014909

Applies To: Authentication Manager Version 8
RSA RADIUS Server

Issue: Connecting to the RSA RADIUS Server using https://(name or IP):1813 seems to allow login to a blank page
A security scan shows 1813/tcp is open

Cause: The RSA RADIUS Server is a specially licensed version of Juniper Steel-Belted RADIUS 6.1. This product uses TCP/1813 for RADIUS Administration (it is not related to the RADIUS Accounting port, UDP/1813). TCP port 1813 will accept an HTTPS connection attempt, and because a blank page is displayed it may look as though the provided credentials allowed a login; however, there has been no successful login. To confirm this, look in /opt/rsa/am for the file (date).log, which will show failed authentications similar to:
 
01/09/2014 10:25:33 read access to URI '/' denied due to failed logon attempt
01/09/2014 10:25:46 read access to URI '/' denied due to failed logon attempt
01/09/2014 10:25:49 read access to URI '/' denied due to failed logon attempt
01/09/2014 10:25:49 read access to URI '/favicon.ico' denied due to failed logon attempt
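
To triage these entries in bulk, the following added example (not part of the original article or of the RSA product) parses lines of the shape shown above and groups them into bursts. It assumes the timestamp is MM/DD/YYYY, treats a `/favicon.ico` request as a heuristic sign of a browser visit rather than a port scanner, and uses a constructed sample; the function names and the 60-second gap are hypothetical choices.

```python
import re
from datetime import datetime, timedelta

# Line shape taken from the log excerpt in the article.
DENIED = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\w+) access to URI '([^']*)' "
    r"denied due to failed logon attempt$"
)

# Constructed sample: the article's four lines plus one invented later line.
SAMPLE = """\
01/09/2014 10:25:33 read access to URI '/' denied due to failed logon attempt
01/09/2014 10:25:46 read access to URI '/' denied due to failed logon attempt
01/09/2014 10:25:49 read access to URI '/' denied due to failed logon attempt
01/09/2014 10:25:49 read access to URI '/favicon.ico' denied due to failed logon attempt
01/09/2014 11:40:02 read access to URI '/' denied due to failed logon attempt
"""

def parse_denials(text, fmt="%m/%d/%Y %H:%M:%S"):
    """Yield (timestamp, access, uri) per failed-logon line; skip other lines.
    The MM/DD/YYYY order is an assumption; pass fmt to override it."""
    for line in text.splitlines():
        m = DENIED.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), fmt), m.group(2), m.group(3)

def group_bursts(events, gap=timedelta(seconds=60)):
    """Merge denials that follow each other within `gap` into one burst."""
    bursts = []
    for ts, _access, uri in sorted(events):
        if bursts and ts - bursts[-1]["end"] <= gap:
            last = bursts[-1]
            last["end"] = ts
            last["count"] += 1
            last["uris"].add(uri)
        else:
            bursts.append({"start": ts, "end": ts, "count": 1, "uris": {uri}})
    for b in bursts:
        # Heuristic: browsers fetch /favicon.ico on their own; scanners rarely do.
        b["browser_like"] = "/favicon.ico" in b["uris"]
    return bursts

def summarize(text):
    return group_bursts(parse_denials(text))

if __name__ == "__main__":
    for b in summarize(SAMPLE):
        print(b["start"], b["count"], sorted(b["uris"]), b["browser_like"])
```
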
Resolution: This is functioning as designed.

Notes: Blocking access to the port may seem like a suitable way to address the issue, but if there are, or may possibly be, any Replica servers, all servers need to be able to reach all other servers on this port. See the documentation for details.
AM-27788
Legacy Article ID: a63654
