AnsweredAssumed Answered

SSL Anonymous Auth Vulnerability, Disable in Lighttpd?

Question asked by wesley on May 5, 2014
Latest reply on May 13, 2014 by wesley

Hi, I have a Qualys report that says my Cisco video conferencing endpoint has this threat: "SSL Server Allows Anonymous Authentication Vulnerability".


The Qualys report has this SOLUTION:

    Disable support for anonymous authentication.


    1) Apache:

    Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:

    SSLProtocol -ALL +SSLv3 +TLSv1



    For Apache/apache_ssl include the following line in the configuration file (httpsd.conf):



    2) IIS ...
    3) Wu-FTP...


I used SSH to log into the system and I see that it is running Lighttpd, not Apache. So my question is, how can I disable anonymous authentication on Lighttpd? Or instead of messing with the root files, is there a different solution?