The TCP 4172 listener on View Security Server 4.6, in its turn, will negotiate only with a PCoIP client executing in the context of an authenticated and authorized user. The client will connect to the supplied IP address/port number and will proceed only if the far end is a PCoIP server or View Security Server. This channel is protected using an SSL server certificate that can be replaced by a CA signed certificate. When a PCoIP virtual desktop is selected by the user at the View Client, View Connection Server (via Security Server) returns an IP address, a port number and a one-time token to the client to enable the PCoIP connection to the Security Server. Authentication and authorisation is performed over an HTTPS (TCP 443) connection to View Security Server. One of the roles of the View Security Server is to ensure that only traffic on behalf of authenticated users is allowed to reach the internal network and only to those desktops that the user is authorized to access. It’s also an interesting read, regardless: They were incredible helpful and went out of their way with conference calls, performing research on our behalf, and even writing up the following explanation on why the aforementioned results are actually false positives. To try to either get this fixed, we reached out to our local VMware reps for assistance. We opened a ticket with VMware who explained that this was due to port 4172 not using the SSL certificate that is used for HTTPS, and subsequently opened a ticket with Teradici. We found this odd since we had an SSL certificate installed on the Security Server, and going to the site externally showed it using a proper cert.
#Teradici pcoip windows client invalid certificate verification
SSL Certificate - Signature Verification Failed Vulnerability.SSL Certificate - Subject Common Name Does Not Match Server FQDN.SSL Server Supports Weak Encryption Vulnerability (port 4172/tcp over SSL).As part of our periodical PCI Compliance scans, our corporate vulnerability scanner recently picked up the View 4.6 PCoIP Gateway as having a few issues.
0 kommentar(er)
