icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

CA eTrust SCM Plaintext Login Detection

Medium

Synopsis

The remote host passes information across the network in an insecure manner.

Description

The remote host is running the CA eTrust SCM application. The administrative interface is enabled on this host. Further, PVS has just observed a client logging in with plaintext credentials. Confidential data, such as administrative passwords, should always be passed over encrypted or secured channels.

Solution

Force the use of encryption during login and all administrative functions.