We are running Skyline Health Diagnostics-server (version 3.5.1) and use a program from Pentera to find security problems in our network.
Now Pentera-program is giving following warning about our VMware Skyline Health Diagnostics-server: Server is using easy-to-guess credentials for a web service
Pentera have found/tested with several accounts on Skyline Health-server, like administrator, anonymous, debug, guest, manager, monitor, operator and some more accounts and IF I understand Pentera report correctly, these accouts have too week passwords on "site" https://X.X.X.X/analysis/analyze
Remediation suggestion from Pentera is:
Enforce a better password policy on every service. It is recommended to set SSL based connections in order to encrypt the information passing on the network. Limit the login attempts to the web services. It is also recommended not to use known user names
Is this information correct and in that case, what can I/we do to solve this sequrity problem?