IBM WebSphere 'ResetPassword' Information Disclosure

Nessus Network Monitor Plugin ID 2712 (Severity: Low)


The remote host may give an attacker information useful for future attacks.


The remote WebSphere web server is vulnerable to an information leak. A flaw in the default ResetPassword form allows a remote attacker to obtain potentially confidential data (such as the UserID) held in the web server cache. To exploit this flaw, an attacker only needs to be able to browse to the affected system and view the confidential data in the form's source code.


Upgrade or patch according to vendor recommendations.


Plugin Details

Severity: Low

ID: 2712

File Name: 2712.prm

Family: Web Servers

Published: 2005/03/15

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 17337

Risk Information

Risk Factor: Low


CVSS v2

Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


CVSS v3

Base Score: 3.6

Temporal Score: 3.4


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

BID: 12812