Details
A realm is a database of usernames and passwords used to identify valid users of web applications. Review the Realms configuration to ensure Jetty is configured to use JDBCRealm, DataSourceRealm, JNDIRealm, or JAASRealm. Specifically, should not utilize MemoryRealm.
MemoryRealm is not designed for production usage and could result in reduced availability.
Solution
Set the Realm className setting in $JETTY_HOME/etc/server.xml to one of the appropriate realms.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.