AnsweredAssumed Answered

Web Server Uses Plain-Text Form Based Authentication

Question asked by Alessandro Moretti on Dec 4, 2015

Hello guys,

 

I got this level 3 issue in my internal scan. The issue appear testing my tomcat server right on the IP.

 

Trying to resolve this I found that I should that enable HTTPS only request on the Tomcat. I have done this using the COMODO certificate that I've already got on my website, but after done that qualys scan point a level 2 issue that the server's certificate does not match the URL, that makes sense once the certificate is a name and de URL is a IP.

 

There's any way to fix this making my tomcat server HTTPS or should I treat this one as a false positive as long the external scan don't got any king of issue on level 3 issue and the level 2 got a certificate that I can trust as long is mine?

 

Thanks in advance.

Outcomes