Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IBM AIX WebSM Detection

Medium

Synopsis

The remote server is running a web-based system manager.

Description

The remote host is running IBM's WebSM, a web-based system manager. An attacker browsing this page would be able to gain information regarding the underlying operating system. Further, web-based system managers allow a point of attack for attackers who wish to brute-force accounts and passwords. Also, the application is not configured to use encryption. A passive attacker with the means to capture local traffic can sniff system configuration information.

Solution

Ensure that this application utilizes both strong encryption as well as authentication.