IBM InfoSphere Data Replication Dashboard Unpassworded User Enumeration
Medium Nessus Plugin ID 65895
SynopsisIt is possible to enumerate the list of users that do not require authentication for a web application hosted on the remote host.
DescriptionThe version of IBM InfoSphere Data Replication Dashboard hosted on the remote web server displays its list of users that can authenticate without using a password. A remote, unauthenticated attacker could use this information to gain unauthorized access to the application.
SolutionUpgrade to IBM InfoSphere Data Replication Dashboard version 10.2.0.0-b113 or later.