22nd May 2024

“AMQP Cleartext Authentication” Vulnerability and Solution to Vulnerability

Scanning with Nessus on the Thycotic PAM RabbitMQ server revealed the following vulnerability. Normally SSL connections and settings are made. Despite this, this clarity emerged.

Description
Synopsis

The remote host is running a service that allows cleartext authentication.

Description

The remote Advanced Message Queuing Protocol (AMQP) service supports one or more authentication mechanisms that allow credentials to be sent in the clear.

Solution

Disable cleartext authentication mechanisms in the AMQP configuration.

Output

CVE IDs

null

DNS Name

RABBITMQ.systemconf.local

NetBIOS Name

SYSTEMCONF\RABBITMQ

AMQP Cleartext Authentication
AMQP Cleartext Authentication

 

Solution to Vulnerability

When I researched this vulnerability, it was found on the RabbitMQ server. On the RabbitMQ server, paste the command “listeners.tcp = none” into the “C:\RabbitMQ\rabbitmq.conf” file and restart the RabbitMQ service. If it is Nessus again, this vulnerability will be resolved when the scan is performed.

listeners.tcp = none
listeners.tcp = none

 

LEARN MORE  What is Burp Suite? How to use? Example Brute Force Attack with Burp Suite

Leave a Reply

Your email address will not be published. Required fields are marked *