Vulnerability Title: Self-signed TLS/SSL certificate
Service Port:4443
Service Name: HTTPS
Service Protocol: tcp
Vulnerability Description:
The server's TLS/SSL certificate is self-signed. Self-signed certificates cannot be trusted by default, especially because TLS/SSL man-in-the-middle attacks typically use self-signed certificates to eavesdrop on TLS/SSL connections.
Solution:
Obtain a new TLS/SSL server certificate that is NOT self-signed and install it on the server or remove the demo certificates.
remove these demo.cert and DemoTrust.jks certificates and check:
$MWH/wlserver/server/lib/DemoTrust.jks
$MWH/wlserver/server/lib/demo.cert
No comments:
Post a Comment