Security Scan reports that /operatorconsole_portlet/jsp/static/js/main.js exposes internal information

Article ID: 211471

Products

DX Infrastructure Management

Issue/Introduction

  • Exposure of Username & Password
  • Exposure of internal IP address 10.238.40.232

Environment

Release : 20.3

Component : UIM - SECURITY VULNERABILITIES

Resolution

We can see the following values in the output:

1. administrator/t3sti9

2. http://10.238.40.232/cabijs

These are mock/dummy values used in our code. They are not actual system credentials, and the address is not an actual system IP, so these values have no impact on security.

However, because security scans may flag them as a false positive, we have removed this dummy code in UIM/OC 20.3.3 to avoid this problem.
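
To confirm the finding before and after the upgrade, the following check (an added example, not code from the product or the vendor) scans the text of a JavaScript bundle for the reported tokens and for any RFC 1918 address literal. The sample strings are constructed, and the way the values are laid out inside main.js is an assumption, since the article shows only the scan output.

```python
import ipaddress
import re

# Values quoted in the scan output on this page. How they are laid out inside
# main.js is not shown there, so each token is searched for separately.
REPORTED_TOKENS = ("t3sti9", "10.238.40.232")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def private_ipv4(text):
    """Return sorted unique RFC 1918 addresses that appear as literals in text."""
    found = set()
    for match in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.IPv4Address(match.group())
        except ipaddress.AddressValueError:
            continue  # octet > 255 or leading zero: not an address
        if any(addr in net for net in RFC1918):
            found.add(str(addr))
    return sorted(found)


def triage(js_text):
    """Summarise what a scanner would flag in one JavaScript bundle."""
    return {
        "reported_tokens": [t for t in REPORTED_TOKENS if t in js_text],
        "private_ipv4": private_ipv4(js_text),
    }


# Constructed samples (not the real main.js): a bundle carrying the dummy
# values, and one with them removed. "20.3.0.1" is a version-like string that
# looks like an IPv4 address but is not in a private range.
SAMPLE_WITH_DUMMY = ('var cfg={user:"administrator",pass:"t3sti9",'
                     'cabi:"http://10.238.40.232/cabijs"};var v="20.3.0.1";')
SAMPLE_CLEAN = 'var cfg={cabi:location.origin+"/cabijs"};var v="20.3.3.0";'

if __name__ == "__main__":
    for name, text in (("with dummy", SAMPLE_WITH_DUMMY),
                       ("clean", SAMPLE_CLEAN)):
        print(name, triage(text))
```

Run `triage()` on the contents of the served main.js; an empty result on 20.3.3 or later matches the resolution described above.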