OSVDB ID: 6929

Title: IBM AIX Remote Login Disable Password Verification Disclosure

Dates

Disclosure: Feb 03, 2004
Discovery: Unknown
Exploit: Feb 03, 2004
Solution: Unknown

Description

IBM AIX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker attempts to log in to an account which has remote login disabled. If the userid and password combination is correct, the operating system responds with a message saying that remote logins are disabled. The attacker can thus brute-force or verify a password, resulting in a loss of confidentiality.
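A model of the check ordering described above, added here as an example and not taken from AIX or from this entry: it puts a login routine that reports the remote-login policy only after the password verifies beside a uniform-reply variant, with a check that detects the difference. The account names, passwords, message strings and function names are constructed for illustration.

```python
# Illustrative model only; not AIX code. All names, accounts and messages are constructed.
import hashlib
import hmac

def _h(password):
    # Fixed salt and low iteration count keep the model short; not a storage recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"model-salt", 1000)

ACCOUNTS = {  # constructed sample: user -> (password hash, remote login allowed)
    "oper": (_h("correct-horse"), False),
    "dev": (_h("tr0ub4dor"), True),
}
DUMMY = (_h("unused-placeholder"), False)

def _password_ok(user, password):
    stored, _ = ACCOUNTS.get(user, DUMMY)
    matches = hmac.compare_digest(stored, _h(password))  # always computed
    return matches and user in ACCOUNTS

def login_reporting_policy(user, password):
    """Ordering from the description: the policy refusal is shown only
    once the userid and password combination has been verified."""
    if not _password_ok(user, password):
        return "invalid login name or password"
    if not ACCOUNTS[user][1]:
        return "remote logins are disabled for this account"
    return "login ok"

def login_uniform(user, password):
    """Comparison variant: every refusal looks the same to the remote client.
    The specific reason would go to a local audit log instead."""
    if _password_ok(user, password) and ACCOUNTS[user][1]:
        return "login ok"
    return "invalid login name or password"

def confirms_password(login_fn, user, good, bad):
    """Regression check: True if the reply for an account differs
    depending on whether the supplied password was correct."""
    return login_fn(user, good) != login_fn(user, bad)

if __name__ == "__main__":
    for fn in (login_reporting_policy, login_uniform):
        leak = confirms_password(fn, "oper", "correct-horse", "wrong-guess")
        print(f"{fn.__name__}: reply reveals password validity = {leak}")
```

A check like `confirms_password` can be kept as a regression test for any authentication path where an account is disabled, locked or restricted.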

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): implement better password policies that make passwords harder to guess, or refrain from disabling remote login.

Products

International Business Machines Corporation AIX: 4.3.3, 5.1, 5.2

References

Credit

  • Scott Jefferd - scott.jefferdcantire.com


Direct URL: http://osvdb.org/6929