STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

Default password for keystore must be changed.

DISA Rule

SV-222931r615938_rule

Vulnerability Number

V-222931

Group Title

SRG-APP-000033-AS-000024

Rule Version

TCAT-AS-000060

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user, run the following command:

sudo keytool -storepasswd

When prompted for the keystore password, select a strong password, minimum 10 characters, mixed case alpha-numeric.

Document the password and store it in a secured location that is accessible only to authorized personnel.

Check Contents

From the Tomcat server console, run the following command to check the keystore:

sudo keytool -list -v

When prompted for the keystore password, type "changeit" without the quotes.

If the contents of the keystore are displayed, this is a finding.
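
The check and the password minimum above, as a non-interactive script. This is an added example, not part of the STIG text. The function names, the KEYTOOL override and the keystore path argument are assumptions of the example, and "mixed case alpha-numeric" is read as upper case, lower case and a digit.

```shell
#!/bin/sh
# Added example (not part of the STIG text).
# KEYTOOL can be overridden, e.g. to point at a specific JDK's keytool.
KEYTOOL="${KEYTOOL:-keytool}"

# Exit status 0 = keystore opens with the default password (a finding),
# 1 = it does not, 2 = the check could not be run at all.
# $1 = keystore path (assumption: the file your Connector in server.xml uses).
keystore_uses_default_password() {
    _ks="$1"
    # Treat a missing keytool or unreadable file as an error, never as a pass.
    if [ ! -r "$_ks" ] || ! command -v "$KEYTOOL" >/dev/null 2>&1; then
        echo "cannot check $_ks (unreadable file or keytool missing)" >&2
        return 2
    fi
    # "changeit" is the public default, so passing it via -storepass leaks
    # nothing; never pass a real keystore password on the command line.
    if "$KEYTOOL" -list -keystore "$_ks" -storepass changeit >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Print a one-line result suitable for a scan log.
audit_keystore() {
    if keystore_uses_default_password "$1"; then
        echo "FINDING: $1 opens with the default password"
    else
        case $? in
            1) echo "PASS: $1 does not open with the default password" ;;
            *) echo "ERROR: $1 could not be checked" ;;
        esac
    fi
}

# Exit status 0 if $1 meets the minimum in the fix text, read here as:
# at least 10 characters with an upper-case letter, a lower-case letter and a digit.
password_meets_stig_minimum() {
    _pw="$1"
    [ "${#_pw}" -ge 10 ] || return 1
    case "$_pw" in *[[:upper:]]*) ;; *) return 1 ;; esac
    case "$_pw" in *[[:lower:]]*) ;; *) return 1 ;; esac
    case "$_pw" in *[[:digit:]]*) ;; *) return 1 ;; esac
    return 0
}
```

Run audit_keystore against each keystore file the server uses. An ERROR result means the check did not run and must not be recorded as a pass.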

Documentable

False

Severity Override Guidance

From the Tomcat server console, run the following command to check the keystore:

sudo keytool -list -v

When prompted for the keystore password, type "changeit" without the quotes.

If the contents of the keystore are displayed, this is a finding.

Check Content Reference

M

Target Key

4094
