2.5 - Unique X.509 Mapping should be present

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

X.509 specifies standard formats for certificates when the default Identity Asserter is used in WebLogic Server. The attribute value is a way of distinguishing user accounts from one another.

If attribute values are not unique, a less privileged user could inadvertently be granted the access rights of a more trusted user with the same attribute value

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

It should be ensured that the attribute value used to map from X.509 certificates to user accounts is unique within the certificate authority's domain of users.