AMQP clear text Authentication Vulnerability in stackstrom

[SowmyaSekaran1510]

We are using stactstrom version st2 3.4.1, on Python 3.6.8 in rhel 7 and we are getting this AMQP clear text Authentication Vulnerability from security team. Could you please help us to resolve this Vulnerability??

[nzlosh]

The default installation for RabbitMQ is clear text. It is up to the site administrator to correctly configure Authentication/Encryption for their environment, you can consult the StackStorm specific information here https://docs.stackstorm.com/install/config/config.html#configure-rabbitmq, and RabbitMQ documentation in general https://www.rabbitmq.com/access-control.html and https://www.rabbitmq.com/ssl.html.

If you are reporting a security vulnerability in the StackStorm software, please read and follow the procedure describe here https://docs.stackstorm.com/security.html to report the security concern.