Hi all,
We have an open support ticket on this but thought reaching out to the community may prove useful.
Our security scanning software has generated a ticket for each of our IC Media Servers. The vulnerability identified is "Vulnerability found for: HSTS Missing From HTTPS Server (RFC 6797)".
The description is: The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Question is, have any of you run into this vulnerability with the media servers?
If so, do you have a suggested way to mitigate or add HSTS to the media servers? It seems to be related to Port 446 and the media servers web interface. We're running 2020 R2 Patch 7.
Thanks all!
#Security #SystemAdministration
------------------------------
Shane Jenkins
SAIC
------------------------------
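
A check for confirming whether a fix took effect, as an added example that is not part of the original post or any vendor tooling: it parses a Strict-Transport-Security value per RFC 6797 section 6.1 and reports why a scanner or browser would still treat the policy as missing or weak. The function names, the 180-day minimum and the sample headers are assumptions constructed for illustration.

```python
import re

# RFC 6797 section 6.1: directive-name [ "=" ( token | quoted-string ) ].
# Simplification: a ";" inside a quoted value of an unknown directive is not handled.
_DIRECTIVE = re.compile(r'([^\s;="]+)(?:\s*=\s*(?:"([^"]*)"|([^\s;="]+)))?')
_MIN_AGE = 15552000  # assumed policy threshold (180 days), not taken from the RFC

def parse_hsts(value):
    """Parse one header value; raise ValueError where a user agent would ignore it."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # the grammar allows empty directives
            continue
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            raise ValueError(f"malformed directive: {part!r}")
        name = m.group(1).lower()         # directive names are case-insensitive
        if name in directives:            # each directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = m.group(2) if m.group(2) is not None else m.group(3)
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {"max_age": int(max_age), "include_subdomains": "includesubdomains" in directives}

def audit(headers, min_age=_MIN_AGE):
    """headers: (name, value) pairs from one HTTPS response. Returns a list of findings."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["missing: no Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple headers: user agents process only the first")
    try:
        policy = parse_hsts(values[0])
    except ValueError as exc:
        return findings + [f"invalid: {exc}"]
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif policy["max_age"] < min_age:
        findings.append(f"short max-age: {policy['max_age']}s")
    return findings

if __name__ == "__main__":
    # Constructed sample response headers, not captured from any real server.
    sample = [("Content-Type", "text/html"), ("strict-transport-security", 'MAX-AGE="600";')]
    print(audit(sample))
```

Feed it the header pairs from a response on the HTTPS port being scanned; an empty list means the header is present, well-formed and at least as long-lived as the assumed minimum.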