Automation Controller must utilize encryption when using LDAP for authentication.
An XCCDF Rule
Description
<VulnDiscussion>To avoid access with malicious intent, passwords will need to be protected at all times. This includes transmission where passwords must be encrypted for security.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-256907r903514_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Log in to Automation Controller as an administrator and navigate to Settings >> Authentication >> LDAP settings.
Click "Edit".
Modify the "LDAP SERVER URI" field so that it begins with "ldaps://".