Check: SUN0160
Sun Ray 4 STIG: SUN0160 (in version v1 r2)
Title
The Sun Ray server console administration sessions are not encrypted. (Cat II impact)
Discussion
Unencrypted Sun Ray server console sessions do not protect the transmitted information from being read by anyone who can observe the traffic. Unencrypted sessions are vulnerable to a number of attacks, including man-in-the-middle attacks, TCP hijacking, and replay.
Check Content
Have the administrator log into the Sun Ray administrator console by entering the following URL in a browser: http://localhost:1660. If the session does not switch to https://localhost:1661 in the browser, this is a finding.
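The check above, scripted as an added example that is not part of the STIG. It assumes the console performs the switch with an HTTP 3xx redirect carrying a Location header; if the switch happens in page content instead, the browser check remains authoritative. The function names are hypothetical.

```python
import http.client
from urllib.parse import urlsplit

HTTP_PORT, HTTPS_PORT = 1660, 1661      # ports named in the check text
REDIRECT_CODES = {301, 302, 303, 307, 308}

def evaluate(status, location):
    """Return (is_finding, reason) for one response to http://<host>:1660/."""
    if status not in REDIRECT_CODES:
        return True, f"HTTP {status} on port {HTTP_PORT} with no redirect"
    target = urlsplit(location or "")
    # A relative Location keeps the session on the plain-HTTP port.
    if target.scheme != "https":
        return True, f"redirect target is not https: {location!r}"
    try:
        port = target.port              # None when the URL omits the port
    except ValueError:
        return True, f"redirect target has an invalid port: {location!r}"
    if port != HTTPS_PORT:
        return True, f"redirect target is not port {HTTPS_PORT}: {location!r}"
    return False, f"redirected to {location}"

def probe(host="localhost", timeout=5):
    """Request / over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, HTTP_PORT, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":
    try:
        finding, reason = evaluate(*probe())
    except (OSError, http.client.HTTPException) as exc:
        # Console not reachable: the check could not be performed.
        finding, reason = None, f"console not reachable: {exc}"
    label = {True: "FINDING", False: "NOT A FINDING", None: "NOT REVIEWED"}
    print(label[finding], "-", reason)
```

Run it on the Sun Ray server itself so that `localhost` refers to the console being assessed.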
Fix Text
Encrypt all Sun Ray server console sessions.
Additional Identifiers
Rule ID:
Vulnerability ID: V-16145
Group Title:
CCIs
CCIs tied to check.
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |