cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Correct security vulnerability in WDS

Correct security vulnerability in WDS

PTC case 11578717 was recently submitted as a result of security scan by the customer.  The results show a security vulnerability in the WindchillDS server. The administration port (4444) allows weak ssl encryption by default.

This is where we sit on the following for WindchillDS weak encryption:

-WindchillDS does not  use an explicit Apache web server like the other APP nodes (app0x, bg0x). The process is used for authentication directly into the WinDS over a non-standard port.

-WindchillDS is built off OpenDS (current owner is Oracle)

-Any changes to alter the cipher is NOT SUPPORTED nor QA'd by PTC (vendor)

This product idea is to request that PTC work with Oracle to correct the security vulnerability in the Windchill DS component.

1 Comment
Community Manager
Status changed to: Archived