WBSP-AS-000240 - The WebSphere Application Server users in a LDAP user registry group must be authorized for that group.

Information

Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges.

Restricting non-privileged users also prevents an attacker, who has gained access to a non-privileged account, from elevating privileges, creating accounts, and performing system checks and maintenance.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

In the LDAP server admin console, assign WebSphere users to the appropriate WebSphere group.

See Also

http://iasecontent.disa.mil/stigs/zip/U_IBM_WebSphere_Traditional_V9-x_V1R1_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CAT|II, CCI|CCI-002235, Rule-ID|SV-95945r1_rule, STIG-ID|WBSP-AS-000240, Vuln-ID|V-81231

Plugin: Unix

Control ID: aac2316a5154d3e550de3cd6c06ef7fcfa9daaaf40b01dc9a71d17704141898e