IBM AIX WebSM Detection

Medium Nessus Network Monitor Plugin ID 3340

Synopsis

The remote server is running a web-based system manager.

Description

The remote host is running IBM's WebSM, a web-based system manager. An attacker browsing this page would be able to gain information regarding the underlying operating system. Further, web-based system managers allow a point of attack for attackers who wish to brute-force accounts and passwords. Also, the application is not configured to use encryption. A passive attacker with the means to capture local traffic can sniff system configuration information.

Solution

Ensure that this application utilizes both strong encryption as well as authentication.

Plugin Details

Severity: Medium

ID: 3340

Family: CGI

Published: 2006/01/02

Modified: 2016/01/15

Risk Information

Risk Factor: Medium