Information
Network devices should not be managed using unencrypted HTTP sessions
JWeb can be configured to provide a Web GUI over either HTTP or HTTPS.
HTTP transmits all data (including passwords) in clear text over the network and provides no assurance of the identity of the hosts involved.
Because of this, HTTP should never be used for sensitive tasks such as managing network devices or entering login credentials, and HTTP Web-Management should be disabled.
Ensure that management using HTTPS or other secure methods is configured and working before disabling HTTP access. Otherwise you may be unable to connect back to the device for management.
NOTE: The JWeb service does not appear to be configured on the target. This check is not applicable.
Solution
To disable HTTP access, issue the following command from the [edit system services web-management] hierarchy:
[edit system services web-management]
user@host# delete http
Varies by platform.
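The check described above can be automated against exported configuration. The following is an added example, not part of the original check or of any Juniper tooling: the function name `audit_jweb` and the sample configurations are constructed for illustration, and the input is assumed to be `display set` style lines. It only handles `deactivate` statements at the web-management level and below.

```python
# Constructed sample input (not taken from a real device).
SAMPLE_BOTH = """\
set system services web-management http interface fxp0.0
set system services web-management https system-generated-certificate
"""
SAMPLE_HTTP_DEACTIVATED = SAMPLE_BOTH + "deactivate system services web-management http\n"
SAMPLE_ABSENT = "set system services ssh root-login deny\n"

PREFIX = ["system", "services", "web-management"]


def audit_jweb(display_set: str) -> dict:
    """Classify web-management transports from 'display set' lines."""
    active, inactive = set(), set()
    for raw in display_set.splitlines():
        words = raw.split()
        if len(words) < 4 or words[1:4] != PREFIX:
            continue
        if words[0] == "set" and len(words) > 4:
            active.add(words[4])
        elif words[0] == "deactivate" and len(words) <= 5:
            # 'deactivate ... web-management' disables the whole stanza,
            # 'deactivate ... web-management http' only that transport.
            inactive.add(words[4] if len(words) == 5 else "*")
    if "*" in inactive:
        active.clear()
    active -= inactive
    http, https = "http" in active, "https" in active
    if http:
        status = "fail"            # clear-text management is enabled
    elif https:
        status = "pass"            # only the encrypted transport is enabled
    else:
        status = "not_applicable"  # web management is not configured
    return {
        "status": status,
        "http": http,
        "https": https,
        # Configured is not the same as working: confirm an HTTPS login
        # succeeds before removing HTTP.
        "https_present_before_delete": http and https,
    }


if __name__ == "__main__":
    for name in ("SAMPLE_BOTH", "SAMPLE_HTTP_DEACTIVATED", "SAMPLE_ABSENT"):
        print(name, audit_jweb(globals()[name]))
```

A `fail` result with `https_present_before_delete` set to false means HTTP is the only configured web transport, so another secure management path has to be in place before HTTP is deleted.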