F5 Cloud Services
55 Topics

AMQP Cleartext Authentication
Description: The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.

Solution: Disable cleartext authentication mechanisms in the AMQP configuration. On Ubuntu or CentOS machines, disable unencrypted access in the configuration file.

>> "unencrypted" here refers to client connections. https://www.rabbitmq.com/ssl.html

Steps for disabling the AMQP: https://liquidwarelabs.zendesk.com/hc/en-us/articles/360019562832-Disable-cleartext-authentication-option-in-RabbitMQ

The above link is used for the Windows vulnerability. Please help in getting a resolution for the CentOS or Ubuntu configuration file.

11K Views, 0 likes, 0 Comments

SSL Certificate with Wrong Hostname
SSL Certificate with Wrong Hostname

The SSL certificate for this service is for a different host. The commonName (CN) of the SSL certificate presented on this service is for a different machine. Purchase or generate a proper certificate for this service.

Solution provided on other sites: "Purchase or generate a proper certificate for this service."

What is the proper solution to make this vulnerability go away on Linux machines, and how do I implement the solution?

6.6K Views, 1 like, 1 Comment

F5 Kubernetes BIG-IP Controller or CIS not connecting to Azure Big-IP deployment
I have started a POC for the BIG-IP Azure deployments, which deployed successfully and I have accessed and set the password. I've deployed the helm chart for CIS, but the pod fails to start. I've tested connectivity to the Azure BIG-IP deployment from a separate pod in the same namespace and it authenticates and returns correct info. I've validated the Azure BIG-IP creds are properly formatted in a secret and that secret is getting mounted in the CIS pod.

Here is the pod log with logging level set to debug:

2021/10/04 21:21:39 [DEBUG] No url in credentials directory, falling back to CLI argument
2021/10/04 21:21:39 [INFO] [INIT] Starting: Container Ingress Services - Version: 2.5.0, BuildInfo: azure-465-1952a80a2165b7fc2d3561795ad09d1eb8615136
2021/10/04 21:21:39 [INFO]TeemServer:product.apis.f5.com
2021/10/04 21:21:39 teemClient:{{CIS-Ecosystem CIS/v2.5.0 df103609-7748-43e4-95a4-6631030e67d0} mmhJU2sCd63BznXAXDh4kxLIyfIMm3Ar product.apis.f5.com}
2021/10/04 21:21:39 [DEBUG] digitalAssetId:950e75d5-7fe0-88bc-eb3c-d654ebb4de47
2021/10/04 21:21:39 [DEBUG] telemetryDatalist:[{"Agent":"as3","ConfigmapsCount":0,"DateOfCISDeploy":"2021-10-04T21:21:39.452535893Z","ExternalDNSCount":0,"IPAMSvcLBCount":0,"IPAMTransportServerCount":0,"IPAMVirtualServerCount":0,"IngressCount":0,"IngressLinkCount":0,"Mode":"cluster","PlatformInfo":"CIS/v2.5.0 K8S/v1.19.11","RoutesCount":0,"RunningInDocker":false,"SDNType":"calico","TransportServerCount":0,"VirtualServerCount":0}]
2021/10/04 21:21:39 [DEBUG] ControllerAsDocker:#{docker}
2021/10/04 21:21:40 Resp Code:204 Status:204 No Content
2021/10/04 21:21:40 [INFO] ConfigWriter started: 0xc000284570
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) writing section name global
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) successfully wrote section (global)
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) writing section name bigip
2021/10/04 21:21:40 [DEBUG] [CCCL] ConfigWriter (0xc000284570) successfully wrote section (bigip)
2021/10/04 21:21:40 [INFO] Started config driver sub-process at pid: 21
2021/10/04 21:21:40 [DEBUG] [INIT] Invalid trusted-certs-cfgmap option provided.
2021/10/04 21:21:40 [INFO] [INIT] Creating Agent for as3
2021/10/04 21:21:40 [DEBUG] [CORE] Agent Response Worker started and blocked on channel 0xc0004e04e0
2021/10/04 21:21:40 [INFO] [AS3] Initializing AS3 Agent
2021/10/04 21:21:41 [DEBUG] [AS3] No certs appended, using only system certs
2021/10/04 21:21:41 [DEBUG] [AS3] Validating AS3 schema with as3-schema-3.28.0-3-cis.json
2021/10/04 21:21:41 [DEBUG] [AS3] posting GET BIGIP AS3 Version request on https://10.2.0.7:8443/mgmt/shared/appsvcs/info
2021/10/04 21:21:43 [ERROR] [AS3] Response body unmarshal failed: invalid character '<' looking for beginning of value
2021/10/04 21:21:43 [ERROR] [AS3] Internal Error
2021/10/04 21:21:43 [CRITICAL] [INIT] Failed to initialize as3 agent, Internal Error

Solved. 2.5K Views, 0 likes, 3 Comments

SSL Anonymous Cipher Suites Supported
The remote host supports the use of SSL/TLS ciphers that offer no authentication at all.

Solution: Reconfigure the affected application, if possible, to avoid the use of anonymous ciphers.

openssl ciphers -v ssl-disable-anon-ciphers

What is the proper solution for the affected load balancer HAProxy Linux server?

2.1K Views, 0 likes, 3 Comments

Redis Server Unprotected by Password Authentication
Solution: Enable the 'requirepass' directive in the redis.conf configuration file.

Check if Redis is working on the servers.

$ redis-cli ping
PONG

#requirepass "xxxxxxxx" -- change the password of the user and uncomment it.

/etc/init.d/redis-server status
/etc/init.d/redis-server stop
/etc/init.d/redis-server start

The solution provided above is for a single server. What is the solution for clusters of Linux servers, where there are multiple configuration files, as given below?

config/redis/redis_121.conf
config/redis/redis_122.conf
config/redis/redis_123.conf
config/redis/redis_124.conf
config/redis/redis_125.conf

2K Views, 0 likes, 0 Comments

False Positive on AWS WAF F5 Managed Rule F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body
Hello,

I'm not sure if this is a question for AWS support or F5, but I'll start with F5 support. We recently enabled 2 sets of rules on an AWS WAFv2 from F5 (F5-CVE_Managed and F5-OWASP_Managed). Once we did, we started seeing a false positive for an API call with the following rule:

F5#OWASP_Managed#rule_div_tag__behavior__Parameter__AllQueryArguments_Body

After some further investigation we discovered the rule is tripped when we make a request which contains embedded HTML in the body and this HTML contains a div tag with a base64 encoded image. Can you give us more background information on exactly what this rule is doing and how we should go about avoiding this false positive?

Andy

915 Views, 1 like, 4 Comments

Setting up a tcpdump filter
ALCON, need an assist if you can. I have a customer who wants a TCPDUMP using a specific filter.

(ip.src == 192.102.67.73) && (tcp.srcport == 443) && (tcp.flags == 0x018) && (tls.record.content_type == 22) && (tls.handshake.type == 2) && !(tls.handshake.ciphersuite in {0xc02b 0xc023 0xc02c 0xc024 0xc02f 0xc030 0x1301 0x1302})

899 Views, 0 likes, 4 Comments

Essential App Protect source IP ranges
Hi, I have set up an app in Essential App Protect and want to restrict my firewall to only allow traffic from the F5 Cloud Services instance. What are the IPs/ranges that I need to use? I have tried the ones published for DNS but it looks like IPs outside of those ranges are hitting the firewall. Thanks

807 Views, 0 likes, 3 Comments