OS/400 User Account Name Disclosure Vulnerability
AS/400 is a midrange computer platform developed by IBM. It is designed to be highly reliable and efficient, and uses the OS/400 operating system.
An information disclosure vulnerability has been reported to exist in OS/400 systems. An authenticated user may be able to obtain a list of all valid user accounts. The user must be running a 5250 emulator.
The user may, after authentication, access the 'System Request' menu and obtain a list of all object names of type USRPRF. The 'System Request' feature is installed by default.
This information may be useful in attempting further, intelligent attacks against the vulnerable server.