HD Moore Hacks on Internet Relays

CVE-2019-4061: Harvesting Data from BigFix Relay Servers.

What mitigations are there to each of the vulnerabilities raised in the article?

Authenticated Relays are an obvious start, but what else can be done to minimise the leakage of information or prevent compromise via the BigFix relay?

2 Likes

Hi,

I’m not affiliated with IBM, but if you’re part of a security group at an organization and want any POC tooling to see what kind of information is accessible from your non-authenticating relays, I have some tools available that reproduce what this CVE is claiming is vulnerable.

Feel free to contact me for access to these tools.

2 Likes

Relay authentication is the start and the end. If the relay is authenticating, everything discussed in this vulnerability is addressed. The point of the vulnerability announcement was to make sure customers are aware and have made this configuration change to all internet-facing relays.

You can also configure internal relays to be authenticating, but you may need to update your client deployment process to support password-based registration in that case.

3 Likes
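The two settings the last reply is talking about, side by side, as an added illustration that is not part of the original thread or of the BigFix documentation. The setting names (`_BESRelay_Comm_Authenticating`, `_BESRelay_Comm_KeyExchangePassword`, `_BESClient_SecureRegistration`) are given from memory of the product's client-settings conventions and should be checked against the BigFix documentation for your version before use; the password value is a placeholder.

```ini
; --- Relay computer: client settings applied to the relay ---
; Weak / default: the relay accepts registrations and serves
; content to any host that can reach port 52311 (the behaviour
; the CVE write-up harvested data from).
_BESRelay_Comm_Authenticating=0

; Hardened: only clients that have completed a key exchange with
; this relay may register through it or receive content from it.
_BESRelay_Comm_Authenticating=1

; Optional: let new clients complete the key exchange by presenting
; a shared password instead of requiring a manual key exchange.
; Assumed setting name; treat the value as a secret.
_BESRelay_Comm_KeyExchangePassword=CHANGE-ME-to-a-long-random-secret

; --- New clients: clientsettings.cfg placed beside the installer ---
; Assumed setting name. Must match the relay's key exchange password
; so the client can register with an authenticating relay on first run.
_BESClient_SecureRegistration=CHANGE-ME-to-a-long-random-secret
```

Apply the relay settings to every internet-facing relay first, then to internal relays once the client deployment process (image, installer package, or provisioning script) ships the matching `clientsettings.cfg`; clients that were already registered through a relay before it was switched to authenticating may still need a one-time key exchange, so roll the change out in stages and watch for clients that stop reporting.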