POLICY-OTHER IBM Data Risk Manager user password reset attempt
The rule checks for requests to generate and retrieve a new password for an existing user by providing an an associated sessionId token. An attacker may use this method to take over administrative account control and to gain an API access token.
What To Look For
This rule fires on an attempt bypass authentication for an existing IBM Data Risk Manager user. The vulnerability is inherent to normal functionality of the software.
No public information
Known false positives, with the described conditions
It is possible for this rule to alert in the normal process of a password reset.
Cisco Talos Intelligence Group