IBM AIX WebSM Detection
Medium Nessus Network Monitor Plugin ID 3340
SynopsisThe remote server is running a web-based system manager.
DescriptionThe remote host is running IBM's WebSM, a web-based system manager. An attacker browsing this page would be able to gain information regarding the underlying operating system. Further, web-based system managers allow a point of attack for attackers who wish to brute-force accounts and passwords. Also, the application is not configured to use encryption. A passive attacker with the means to capture local traffic can sniff system configuration information.
SolutionEnsure that this application utilizes both strong encryption as well as authentication.