Options
Authentication portal discloses AD FQDN
Hi,
I am running a security audit for a client with a Watchguard Firebox.
I am a bit surprised that the authentication portal does let appear the Active Directory FQDN on the authentication form (drop-down list permitting to chose Firebox auth or AD auth).
This is a HUGE infrastructure information disclosure.
In most cases it would allow to make a link between the IP address and the company name, thus permitting hackers to try brute-force the authentication form with narrowed informations (leaked credentials for example).
Any way to add an option to hide this information or at least give an alias "name" that could be configured on the authentication server form ?
Regards,
0
Sign In to comment.
Comments
Hi, had ananswer from support : fix to come.
FBX-17227 A setting to show/hide the Server drop down list for Access Portal