Hi, I have a Qualys report that says my Cisco video conferencing endpoint has this threat: "SSL Server Allows Anonymous Authentication Vulnerability".
The Qualys report has this SOLUTION:
Disable support for anonymous authentication.
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):
2) IIS ...
I used SSH to log into the system and I see that it is running Lighttpd, not Apache. So my question is, how can I disable anonymous authentication on Lighttpd? Or instead of messing with the root files, is there a different solution?