Documentation - V-255856

V-255856

IBM WebSphere Traditional V9.x Security Technical Implementation Guide

CAT II

Title

The WebSphere Application Server process must not be started from the command line with the -password option.

Description

<VulnDiscussion>The use of the -password option to launch a WebSphere process from the command line can result in a security exposure. Password information may become visible to any user with the ability to view system processes. For example, on a Linux system the "ps" command will display all running processes, which would include all of the command line flags used to start a WebSphere process.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false...

Fix Text (Documentation Requirement)

When starting WebSphere commands, such as wsadmin, stopManager, stopNode, stopServer, or syncNode; do not use the "-password <password>" option. Use the interactive mode instead; you will be prompted for user id and password. For scripts, you may configure user id and password in the "connector properties" files. These files are under "Profile_Root/Properties" folder. - soap.client.props: for default SOAP - sas.client.props : for RMI and JSR160RMI connectors - ipc.client.props: for IPC connector

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel