IBM Sterling Ideas

formerly Watson Supply Chain

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed. Order Management, Store Engagement, Watson Order Optimizer, Inventory Visibility, CPQ and Call Center are now part of Watson Supply Chain

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Username Password Enumeration - should not tell the client on what authentication the connection failed.

When a external client connects, he connects via SSP. on the SSP SFTP / FTPS the log shows where exactly the connection failed.

e.g. if the username is incorrect, it will notify the hacker that username is incorrect. similarly if the authentication fails due wrong password of the key. then it gives a specfic picture of what failed, exposing the hacker to know what is failed and he can write scripts to see this pattern.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Mar 18 2019
  • Under Consideration
How will this idea be used?

this idea will be used, for enhanced security. no one can miss use the information which has got wrong in first place.

What is your industry? Banking
What is the idea priority? Urgent
DeveloperWorks ID
Link to original RFE
  • Attach files