Hi,
I'm now testing Veeam Backup & Replication 12, Build 12.0.0.1420 P20230412, on Windows 2019. As part of my security task, I ran the Tenable scanner and received the vulnerability issue on port 6172. Any idea how to enforce HSTS on port 6172?
From Tenable
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Output from most recent scan
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
Solution
Configure the remote web server to use HSTS.
-
- Lurker
- Posts: 2
- Liked: never
- Joined: May 21, 2023 5:48 pm
- Full Name: Danny Ben
- Contact:
-
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Veeam 12 HSTS Missing From HTTPS Server port 6172
Hello,
and welcome to the forums.
Well, there is no web server running on that port... so that setting does not exist. It's a Veeam proprietary protocol that is using certificates for internal authentication. I guess Tenable should update their signatures.
Best regards,
Hannes
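One way to check a finding like this before acting on it, as an added example that is not part of the thread and is not Veeam or Tenable code: classify what a TLS port actually replies to an HTTP request, since the Strict-Transport-Security header only applies where the reply is HTTP. The sample replies are constructed, and the function names are this example's own.

```python
import re, socket, ssl

# Constructed sample replies (not captured from any real service).
SAMPLE_BINARY = b"\x00\x00\x00\x1c\x01\x02proprietary-frame\x00"
SAMPLE_HTTP_PLAIN = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
SAMPLE_HTTP_HSTS = (b"HTTP/1.1 200 OK\r\n"
                    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")

def parse_http_response(raw):
    """Return lower-cased headers if raw starts with an HTTP/1.x status line, else None."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not re.match(rb"HTTP/1\.[01] \d{3}( |$)", lines[0]):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers

def hsts_max_age(value):
    """Return the RFC 6797 max-age in seconds, or None if missing or malformed."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None

def triage_hsts_finding(raw):
    """Classify one raw reply read from a TLS port."""
    headers = parse_http_response(raw)
    if headers is None:
        return "not-http"          # HSTS is an HTTP response header: not applicable
    sts = headers.get("strict-transport-security")
    if sts is None:
        return "missing"           # genuine HTTP reply without the header
    return "enforced" if hsts_max_age(sts) else "not-enforcing"  # max-age=0 turns HSTS off

def read_reply(host, port, timeout=5.0):
    """Send one HEAD request over TLS and return the first bytes of the reply."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # assumption: internal service with a self-signed
    ctx.verify_mode = ssl.CERT_NONE  # certificate; this probe only inspects the reply
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(b"HEAD / HTTP/1.1\r\nHost: %b\r\nConnection: close\r\n\r\n" % host.encode())
            return tls.recv(4096)
```

Against a server you administer, `triage_hsts_finding(read_reply("backup-server.example", 6172))` gives the classification for the flagged port; the host name here is a placeholder.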
-
- Lurker
- Posts: 2
- Liked: never
- Joined: May 21, 2023 5:48 pm
- Full Name: Danny Ben
- Contact:
Re: Veeam 12 HSTS Missing From HTTPS Server port 6172
Hi HannesK, thank you for your reply. I will submit a ticket and keep you updated.
-
- Influencer
- Posts: 14
- Liked: never
- Joined: Jul 31, 2023 7:47 am
- Full Name: Carl
- Contact:
Re: Veeam 12 HSTS Missing From HTTPS Server port 6172
Did you fix the problem?
dannyb1971 wrote: ↑May 21, 2023 5:59 pm
Hi,
I'm now testing Veeam Backup & Replication 12, Build 12.0.0.1420 P20230412, on Windows 2019. As part of my security task, I ran the Tenable scanner and received the vulnerability issue on port 6172. Any idea how to enforce HSTS on port 6172?
From Tenable
Description
The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Output from most recent scan
The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.
Solution
Configure the remote web server to use HSTS.