Protect Your WAMUI

By Rich_Faust posted 04-02-2018 03:35 PM


The administrative interface to CA SSO provides a ripe target for malicious actors, both internal and external.  You would think administrators would take appropriate precautions to secure that interface, but I have seen many instances where the Web Access Manager User Interface (WAMUI, aka AdminUI) is published on a non-secure port.  That means administrator credentials are routinely on the wire in clear text.  To add further risk, the WAMUI is not protected by an agent, so many non-administrators have the ability to probe and attack the WAMUI in the "bad guys'" unending quest to compromise the security of the single sign-on environment in particular and the enterprise at large.


I'm new to blogging and not yet familiar with the mechanics of this tool.  I envision this topic being a series of posts rather than one monolithic treatise, so please have patience while I figure out whether I can amend or append to this post or have to create a separate blog topic for each installment of the Saga of WAMUI Security.