Documentation - V-213531

V-213531

JBoss Enterprise Application Platform 6.3 Security Technical Implementation Guide

CAT II

Title

JBoss KeyStore and Truststore passwords must not be stored in clear text.

Description

<VulnDiscussion>Access to the JBoss Password Vault must be secured, and the password used to access must be encrypted. There is a specific process used to generate the encrypted password hash. This process must be followed in order to store the password in an encrypted format. The admin must utilize this process in order to ensure the Keystore password is encrypted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations...

Fix Text (Documentation Requirement)

Configure the application server to mask the java keystore password as per the procedure described in section 11.13.3 -Password Vault System in the JBoss_Enterprise_Application_Platform-6.3-Administration_and_Configuration_Guide-en-US document.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel