So in our project we received a warning from our security team regarding some plain text authentication occurring on our Pega server. We’ve looked into it and we see that Pega is listening on that port with a GET request showing up as “GET /exchweb/bin/auth/ HTTP/1.1 Host: servername:7003 Connection: Keep-Alive”.
We are thinking it has to do with our interfacing with Kafka, as the timing seems to match up with when that went live, but we are not sure and I’m not turning up much in research. Is there a specific process that uses port 7003, or has anyone run into this same issue before, and how was it resolved?
Short answer: 7003 isn’t a Pega “feature” port; it’s your application server’s HTTP listener (commonly WebLogic managed server listen port), and Kafka isn’t involved—Kafka/Stream/SRS use other ports (9092/5701/92xx/93xx). The path /exchweb/bin/auth is a telltale of internet scanners probing for old Exchange; they’ll hit whatever port responds to plain HTTP. Confirm the owner with ss -ltnp | grep :7003 (or netstat/lsof on Windows) and you’ll see the app server PID. Fix is simple: serve Pega only over HTTPS, disable the clear-text connector on 7003 (or bind it to localhost), or enforce HTTP→HTTPS redirect with no auth headers accepted. Lock exposure at the edge: restrict 7003 with firewall/WAF/ALB security groups to internal subnets. Also verify Pega’s public base URL points to your TLS endpoint and that no load balancer is forwarding port 7003 externally. Once 7003 is closed or TLS-only, the “plain text authentication” alerts will stop.
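As an added check to go with the answer above (this is not code from the question, the answer, or Pega): a small Python script that parses ss -ltnp output to find what owns port 7003 and whether it is bound beyond loopback, recognises the /exchweb/bin/auth probe quoted in the question, and can test live whether a port answers clear-text HTTP rather than TLS. The ss sample, PIDs and process names are constructed for illustration.

```python
import re
import socket

# Constructed sample of `ss -ltnp` output (not captured from a real host):
# a JVM app server on 7003 (clear-text, all interfaces) and 7443 (TLS),
# plus a Kafka broker bound to loopback on 9092.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:7003       0.0.0.0:*         users:(("java",pid=4123,fd=212))
LISTEN 0      128    127.0.0.1:9092     0.0.0.0:*         users:(("java",pid=4321,fd=88))
LISTEN 0      128    [::]:7443          [::]:*            users:(("java",pid=4123,fd=214))
"""
SS_LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)')
# Only the probe path reported in the question; extend from your own access logs.
SCANNER_PATHS = ("/exchweb/bin/auth",)
LOOPBACK = ("127.0.0.1", "::1", "[::1]")


def listeners(ss_output, port):
    """Return the processes listening on `port`, parsed from `ss -ltnp` text."""
    found = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line)
        if m and int(m["port"]) == port:
            found.append({"addr": m["addr"], "process": m["proc"], "pid": int(m["pid"])})
    return found


def exposed_outside_localhost(entry):
    """True if the socket is bound to anything other than a loopback address."""
    return entry["addr"] not in LOOPBACK


def is_scanner_probe(request_line):
    """True if an HTTP request line targets a known scanner-probe path."""
    parts = request_line.split()
    return len(parts) >= 2 and parts[1].startswith(SCANNER_PATHS)


def serves_cleartext_http(host, port, timeout=3.0):
    """Live check: does host:port answer a raw (non-TLS) HTTP request?
    A TLS-only listener returns nothing or a TLS alert, never an 'HTTP/' status line."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.1\r\nHost: %b\r\nConnection: close\r\n\r\n" % host.encode())
            return s.recv(16).startswith(b"HTTP/")
    except OSError:
        return False
```

Run serves_cleartext_http("servername", 7003) before and after disabling the connector: once it returns False and only the TLS port answers, the plain-text alerts should stop.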