how to fix Vulnerability number:34850 Web Server Uses Basic Authentication Without HTTPS

Sunhith shared this question ago

Answered

The same question

Comments (2)

David Registro ● 13 months ago

Hi Sunith,

Can I confirm this is the article you're referring to? Web Server Uses Basic Authentication Without HTTPS

If so, is there a reason to believe that there is a different solution?

I'm no security experts by any means, though my interpretation of the article is that this is 'just how it is' as it was created in 2008, and updated again in 2016, though nothing since.

Thanks,David

Reply URL

Sunhith ● 12 months ago

Hi David,

I mean this is correct, what I need to know is whether this problem can be fixed or how it should be fixed.

Thank you,

Sunhith

Reply URL

David Registro ● 12 months ago

Hi Sunith,

Ok so this isn't a product problem that can be fixed via code, it's just a matter of configuring your environment to enable HTTPS. This is done at the application server level (e.g Tomcat). We do have some guidance here, however please keep in mind this level of configuration lies outside of application support so further assistance will need to be provided via our consulting channel.

In saying this, I know BMC already has a few platforms with HTTPS enabled so think an easy out is to ask your team to assist, as what you're after has already been done ;) .

Hope this helps and please let me know if you need any further guidance.

Regards,David

URL