IBM AIX WebSM Detection

medium Nessus Network Monitor Plugin ID 3340

Synopsis

The remote server is running a web-based system manager.

Description

The remote host is running IBM's WebSM, a web-based system manager. An attacker browsing this page would be able to gain information about the underlying operating system. Further, web-based system managers give attackers a point of attack for brute-forcing accounts and passwords. Also, the application is not configured to use encryption, so a passive attacker with the means to capture local traffic can sniff system configuration information.

Solution

Ensure that this application uses both strong encryption and authentication.

Plugin Details

Severity: Medium

ID: 3340

Family: CGI

Published: 1/2/2006

Updated: 1/15/2016