Skip to content
Catalogs
XCCDF
JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide
SRG-APP-000163-AS-000111
JBoss management Interfaces must be integrated with a centralized authentication mechanism that is configured to manage accounts according to DoD policy.
JBoss management Interfaces must be integrated with a centralized authentication mechanism that is configured to manage accounts according to DoD policy. An XCCDF Rule
JBoss management Interfaces must be integrated with a centralized authentication mechanism that is configured to manage accounts according to DoD policy.
Medium Severity
<VulnDiscussion>JBoss EAP provides a security realm called ManagementRealm. By default, this realm uses the mgmt-users.properties file for authentication. Using file-based authentication does not allow the JBoss server to be in compliance with a wide range of user management requirements such as automatic disabling of inactive accounts as per DoD policy. To address this issue, the management interfaces used to manage the JBoss server must be associated with a security realm that provides centralized authentication management. Examples are AD or LDAP.
Management of user identifiers is not applicable to shared information system accounts (e.g., guest and anonymous accounts). It is commonly the case that a user account is the name of an information system account associated with an individual.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>