Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IBM WebSphere 'ResetPassword' Information Disclosure



The remote host may give an attacker information useful for future attacks.


The remote WebSphere webserver is vulnerable to an information leak. There is a flaw in the default ResetPassword form that would allow a remote attacker to obtain potentially confidential data (such as UserID) within the web server cache. An attacker exploiting this flaw would only need to be able to browse to the affected system and view the confidential data within the form source code.


Upgrade or patch according to vendor recommendations.