jbenn313 / itsy-bitsy-spider


Unable itau external users to see tools configurations #15

Open pguasti opened 6 years ago

pguasti commented 6 years ago

Hello JB,

Is there a way to unable viewing permission to itau external group of CRXDE/lite?

An external user can navigate through CRXDE/lite's platform and find classified information and even check our tools options list...

How do we proceed?

thank you

jbenn313 commented 6 years ago

Hi Pietro:

CRXDE Lite should not be available in this way. I am glad that you noticed this. (I recommend reviewing the AEM Security Checklist [1] for other possible areas of vulnerability.)

The best practice in production is to make CRXDE Lite available via IP address only, and then only for those who truly need it. It should not be available to anyone from the url.

Do you require access to CRXDE Lite in production? If so, why? For what?

Are you able to get to CRXDE Lite from http://54.94.244.75:4502/crx/de/index.jsp ? That should be the only way to get to CRXDE Lite.

JB

[1] https://docs.adobe.com/docs/en/aem/6-3/administer/security/security-checklist.html
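A small check for the situation JB describes, added here as an example and not part of the thread or of AEM itself: it requests the CRXDE Lite entry points through a public hostname and reports whether the dispatcher/firewall blocks them (the expected production result) or whether the console is still reachable. The hostname is a placeholder you supply; `/crx/de/index.jsp` is the path named above, the other two paths are assumed to be the usual CRXDE entry points on your instance.

```python
"""Report whether CRXDE Lite is reachable through a public AEM hostname.

Stdlib only. Exit code and per-path verdicts let this run from a CI job
or a nightly cron after every dispatcher/firewall change.
"""
import sys
import urllib.error
import urllib.request

# First path is the one named in the thread; the other two are assumed
# CRXDE entry points (adjust for your instance).
CRXDE_PATHS = ["/crx/de/index.jsp", "/crx/de/", "/crx/explorer/index.jsp"]


def classify(status: int, body: str) -> str:
    """Map an HTTP status plus response body to a verdict.

    BLOCKED        403/404: the edge never forwarded the request (desired).
    REACHABLE_AUTH 401: the author instance answered and asked for a login,
                   so the URL is still exposed to the internet.
    EXPOSED        200 with CRXDE markup: the console UI itself came back.
    """
    if status in (403, 404):
        return "BLOCKED"
    if status == 401:
        return "REACHABLE_AUTH"
    if status == 200 and ("CRXDE" in body or "crx/de" in body):
        return "EXPOSED"
    return "UNEXPECTED"


def check(base_url: str, paths=CRXDE_PATHS, timeout: float = 5.0) -> dict:
    """Fetch each path under base_url and return {path: verdict}."""
    results = {}
    for path in paths:
        try:
            with urllib.request.urlopen(base_url + path, timeout=timeout) as r:
                body = r.read(4096).decode("utf-8", "replace")
                results[path] = classify(r.status, body)
        except urllib.error.HTTPError as e:      # non-2xx still carries a status
            results[path] = classify(e.code, "")
        except urllib.error.URLError:            # DNS failure, refused, timeout
            results[path] = "UNREACHABLE"
    return results


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "https://www.example.com"  # placeholder
    verdicts = check(base)
    for path, verdict in verdicts.items():
        print(f"{verdict:15} {base}{path}")
    sys.exit(1 if any(v != "BLOCKED" for v in verdicts.values()) else 0)
```

Only `BLOCKED` on every path matches the thread's advice; a `REACHABLE_AUTH` result means the login prompt is public even though the content is not.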