IBM WebSphere 'ResetPassword' Information Disclosure
Low Nessus Network Monitor Plugin ID 2712
Synopsis
The remote host may give an attacker information useful for future attacks.

Description
The remote WebSphere webserver is vulnerable to an information leak. There is a flaw in the default ResetPassword form that would allow a remote attacker to obtain potentially confidential data (such as UserID) within the web server cache. An attacker exploiting this flaw would only need to be able to browse to the affected system and view the confidential data within the form source code.

Solution
Upgrade or patch according to vendor recommendations.