Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

How to remove this PCI compliance scan vulnerability?

Hello,

We are trying to get a firewall to pass a PCI compliance scan, but are getting this attached vulnerability flagged. Has anyone encountered this before? Is the fix to turn on TOTP?

Thanks in advance!

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • Vulnerability Details - HTML page uses cleartext form-based authentication (/doc/page/login.asp)

    Path: /login.asp

    THREAT REFERENCE

    Summary:

    HTML page uses cleartext form-based authentication (/doc/page/login.asp)

    Risk: High (3)

    Port: 8080/tcp

    Protocol: tcp

    Threat ID: web_security_clearpass

    Details: There are potential vulnerabilities associated with

    HTML form-based authentication:

    Clear-text Form-based Authentication.

    The password is sent over the network unencrypted when a user submits the login form, thereby allowing an

    attacker who is capable of sniffing the network to view

    the password.

    Information From Target:

    Service: 8080:TCP

    Received:

    <input type="password" class="inputtip logininputwidth" id="password" ng-model="password" maxlength="16" placeholder="{{oLan.password}}" />

  • BWCBWC Cybersecurity Overlord ✭✭✭

    What Service is listening on Port 8080, Firewall HTTP Management? If yes, what Firmware you're running?

    It occurs to me that 8080 is a NAT to a internal HTTP Service running on an IIS? /doc/page/login.asp isn't something I can see in relevance with a SNWL.

    If it's a Web Application you might be better off asking this vendor/developer.

    --Michael@BWC

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Truvision DVR

    Don't allow access from anywhere on internet to an NVR.

    Enable HTTPS on web interface of NVR and forward that port instead.

    If you can't enable HTTPS on this device then only allow access for VPN client users instead.

  • I believe this is it! There is a rule setup for NVR services from WAN to LAN allowing any to the WAN IP over ports 8000, 8080 and 8554. Will try disabling this rule and running the scan.

  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    Hi @sonicwalls_rock


    Please Disable user login via http and management login via http on the interface settings.

Sign In or Register to comment.