The JBoss Password Vault must be used for storing passwords or other sensitive configuration information.
An XCCDF Rule
Description
JBoss EAP 6 provides a Password Vault that encrypts sensitive strings, stores them in an encrypted keystore, and decrypts them on demand for applications and verification systems. Plain-text configuration files, such as XML deployment descriptors, must still reference passwords and other sensitive values; the JBoss EAP Password Vault lets those files carry only a vault reference instead of the clear-text secret.
- ID: SV-213530r981682_rule
- Version: JBOS-AS-000295
- Severity: Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the application server to use a Java keystore and the JBoss vault as described in section 11.13.1, Password Vault System, of the JBoss_Enterprise_Application_Platform-6.3-Administration_and_Configuration_Guide-en-US document.
1. Create a Java keystore.
2. Mask the keystore password and initialize the password vault.
3. Configure JBoss to use the password vault.
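The configuration state that step 3 produces, shown as an added example that is not part of the STIG text or the Red Hat guide: a fragment of an EAP 6 standalone.xml with the vault block and a datasource whose password is a vault reference rather than clear text. The keystore path, alias, salt, masked value, vault block name and datasource details are constructed placeholders; the masked keystore password and the stored attribute come from vault.sh in step 2 and are never typed in by hand.

```xml
<!-- Added example, not from the STIG or the EAP 6.3 guide. Schema namespace
     attributes are omitted; all values below are constructed placeholders. -->
<server>
  <!-- Top-level child of <server>: where the vault keystore and encrypted
       data live, and how the keystore password itself is masked. -->
  <vault>
    <vault-option name="KEYSTORE_URL" value="${jboss.server.config.dir}/vault.keystore"/>
    <!-- Masked value printed by vault.sh; the clear keystore password is not stored here. -->
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-EXAMPLEMASKEDVALUE"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <!-- Salt and iteration count must match what was given to vault.sh when masking. -->
    <vault-option name="SALT" value="1234abcd"/>
    <vault-option name="ITERATION_COUNT" value="50"/>
    <vault-option name="ENC_FILE_DIR" value="${jboss.server.config.dir}/vault/"/>
  </vault>
  <profile>
    <subsystem xmlns="urn:jboss:domain:datasources:1.2">
      <datasources>
        <datasource jndi-name="java:jboss/datasources/AppDS" pool-name="AppDS">
          <connection-url>jdbc:postgresql://db.example.internal:5432/app</connection-url>
          <driver>postgresql</driver>
          <security>
            <user-name>appuser</user-name>
            <!-- Non-compliant form that this rule prohibits:
                   <password>S3cretPlainText</password>
                 Compliant form: a reference to vault block "ds_AppDS",
                 attribute "password", as stored with vault.sh in step 2. -->
            <password>${VAULT::ds_AppDS::password::1}</password>
          </security>
        </datasource>
      </datasources>
    </subsystem>
  </profile>
</server>
```

A quick check for this rule is to search the server configuration files for password, keystore-password and similar elements or attributes whose value does not begin with `${VAULT::`; each one found is a sensitive string stored in clear text.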