IBM WebSphere 'ResetPassword' Information Disclosure

2005-03-15T00:00:00
ID 2712.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

The remote WebSphere webserver is vulnerable to an information leak. There is a flaw in the default ResetPassword form that would allow a remote attacker to obtain potentially confidential data (such as UserID) within the web server cache. An attacker exploiting this flaw would only need to be able to browse to the affected system and view the confidential data within the form source code.

                                        
                                            Binary data 2712.prm