This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

FTP credentials transmitted unencrypted

GayathriPulla
New Contributor
New Contributor

‎2018-03-23 06:36 AM

Hi Team ,. 

 

We are seeing this vulnerability on VLC's of version 10.6.5.0. could any one tell how to close the same. 

0 Likes
1 REPLY 1

Anonymous
Not applicable

‎2018-03-23 10:54 AM

Hi Gayathri,

 

We only use FTP to have logs transferred to us from 3rd party event sources that only support FTP.  FTP sends credentials in clear text.

 

The only way to address this is to move to FTPS, SFTP, or SCP, all of which encrypt credentials and are supported by the Log Collector.  The only question is if the event source supports one of them.

 

Note that the files transferred (by SFTP and others) can only be placed in directories that are chroot jailed.  There is no access to any other files on the box.

 

Thanks,

Guy

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.