The Automation Controller web server must manage sessions.
An XCCDF Rule
Description
<VulnDiscussion>Session management on client and server is required to protect identity and authorization information. Sessions for the Automation Controller web server, if compromised, could lead to execution of jobs on remote endpoints as if authenticated. Satisfies: SRG-APP-000001-WSR-000002, SRG-APP-000001-WSR-000001, SRG-APP-000295-WSR-000012, SRG-APP-000295-WSR-000134</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-256940r903545_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Log in to Automation Controller as an administrator and navigate to Settings >> System >> Miscellaneous Authentication.
Click "Edit".
Set the following parameters: