POLICY-OTHER IBM Data Risk Manager user password reset attempt
The rule checks for requests to generate and retrieve a new password for an existing user by providing an associated sessionId token. An attacker may use this method to take over administrative account control and to gain an API access token.
This rule fires on an attempt to bypass authentication for an existing IBM Data Risk Manager user. The vulnerability is inherent to normal functionality of the software.
No public information
Known false positives, with the described conditions
It is possible for this rule to alert in the normal process of a password reset.
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None
Tactic: Privilege Escalation
Technique: Access Token Manipulation
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org