PTC case11578717 was recently submitted as a result of a security scan by the customer. The results show a security vulnerability in the WindchillDS server. The administration port (4444) allows weak SSL encryption by default.
This is where we sit on the following for WindchillDS weak encryption:
- WindchillDS does not use an explicit Apache web server like the other APP nodes (app0x, bg0x). The process is used for authentication directly into the WinDS over a non-standard port.
- WindchillDS is built off OpenDS (current owner is Oracle).
- Any changes to alter the cipher are NOT SUPPORTED nor QA'd by PTC (vendor).
This product idea is to request that PTC work with Oracle to correct the security vulnerability in the Windchill DS component.