6929 : IBM AIX Remote Login Disable Password Verification Disclosure
Printer | http://osvdb.org/6929 | Email This | Edit Vulnerability

Views This Week

Views All Time

241

Info

Last Modified

about 1 year ago

Percent Complete

100%

Disclosure

Feb 03, 2004

Discovery

Unknown

Dates

Exploit

Feb 03, 2004

Solution

Unknown

Keywords

No Keywords

Description

IBM AIX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker attempts to login to an account which has remote login disabled. If the userid and password combination is correct the operating system will respond with a text saying that remote logins are disabled. The attacker can thus brute-force or verify a password resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): implement better password policies making it harder to guess password or refrain from disabling remote login

Products

International Business Machines Corporation	AIX	4.3.3
		5.1
		5.2

References

ISS X-Force ID: 15172
CVE ID: 2004-0243 (see also: NVD)
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107583269206044&w=2
http://seclists.org/lists/security-basics/2004/Feb/0157.html

Credit

Scott Jefferd - scott.jefferdcantire.com -

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit

Blogs

Comments