You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The VA EAS team conducted an annual pentest on the production VPC on 3/29/2022 and found a certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority.
The certificate in question is the one that secures Tugboat and other related CI DNS names. This was a Venafi generated certificate meaning there isn't a lot that can be done to remediate this issue. The only option is to renew the cert and wait for VA EAS to rescan.
@olivereri I'm tentatively adding this to the S83 queue. Based on the new ACs we reviewed yesterday, do you have a feel for what this would be pointed?
@olivereri I'm tentatively adding this to the S83 queue. Based on the new ACs we reviewed yesterday, do you have a feel for what this would be pointed?
Added a comment to the related va.gov-team-sensitive ticket. After reviewing the report again and noticing a mismatch between CIDR ranges for the scanned resources I determined that there are other load balancers using Tugboat's certificate. Specifically dsva-vagov-prod-tools is using Tugboat's certificate. Once that's removed this will no longer be a finding, however it's not for us to remediate.
Description
The VA EAS team conducted an annual pentest on the production VPC on 3/29/2022 and found a certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority.
The certificate in question is the one that secures Tugboat and other related CI DNS names. This was a Venafi generated certificate meaning there isn't a lot that can be done to remediate this issue. The only option is to renew the cert and wait for VA EAS to rescan.
Relations
https://github.com/department-of-veterans-affairs/va.gov-team-sensitive/issues/441#zh-event-110737343
Acceptance Criteria
Team
Please check the team(s) that will do this work.
CMS Team
Public Websites
Facilities
User support
The text was updated successfully, but these errors were encountered: