MMP Logging Does Not Capture Badguy UserID or Reason
(Doc ID 2077653.1)
Last updated on MARCH 18, 2019
Applies to:Oracle Communications Messaging Server - Version 7.0.0 and later
Information in this document applies to any platform.
When MMP logs a "badguy" message, because an attempted userID does not exist (such as an attacker trying to guess userIDs), there is no simple way to determine what userID is being attempted. Is it a user repeatedly entering their userID incorrectly or an attacker trying a sequential userID attack?
Example, debug log level:
One can derive some conclusion if "ldap" is set on debugkeys (such as a search returning zero results), but the amount of data it produces is excessive when we really just want to know the userID and get an idea of why it was declared a badguy.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document