IBM WebSphere 'ResetPassword' Information Disclosure

ID 2712.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


The remote WebSphere webserver is vulnerable to an information leak. There is a flaw in the default ResetPassword form that would allow a remote attacker to obtain potentially confidential data (such as UserID) within the web server cache. An attacker exploiting this flaw would only need to be able to browse to the affected system and view the confidential data within the form source code.

                                            Binary data 2712.prm