Check: BBDS-00-000310
Policy SRG: BBDS-00-000310 (in version v1 r1)
Title
The key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use must be changed from the default. (Cat III impact)
Discussion
The key store password protects the server digital authentication certificates from unauthorized use.
Check Content
When you install the BlackBerry Administration Service, the setup application generates a password for the web.keystore file. The web.keystore file stores the SSL certificate that the BlackBerry Administration Service uses to authenticate with browsers. You can change the web keystore password after the installation process completes. All BlackBerry Administration Service instances in a BlackBerry Device Service domain must use the same web keystore password.

Before you begin: To verify the current password for the web.keystore file, log in to the BlackBerry Administration Service using an administrator account with the Security Administrator role. On the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view, click BlackBerry Administration Service, and check the Security settings section.

1. On a computer that hosts a BlackBerry Administration Service instance, open the BlackBerry Device Service Configuration tool.
2. On the Administration Service - Web Keystore tab, type the current password.
3. Type a new password and confirm the new password.
4. Click OK.
5. In the Windows Services, restart the BlackBerry Administration Service services.
6. Repeat steps 1 to 5 on each computer that hosts a BlackBerry Administration Service instance.

If the default passwords have not been changed, this is a finding.
Fix Text
Change the key store password for the certificate that the BlackBerry Administration Service (BAS) and BlackBerry Web Desktop Manager (BWDM) use from the default.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000310
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000186 | The information system, for PKI-based authentication, enforces authorized access to the corresponding private key. |
Controls
Number | Title |
---|---|
IA-5 (2) | PKI-Based Authentication |