Template:OWASP Secure Configuration Guide
Secure Configuration Guide page structure is presented below. Please use the template to make the Guide more clean and unified.
A detailed description of the product (can be taken from the official website)
%ProductName% allows unauthorized attacker to list all users of the system ...
// Detailed description of the impact. Is it enabled by default? Vulnerable versions.
How to test
In order to test for %Misconfiguration_1%, one should ...
// Proof-of-concept here. Please include the screenshots and widely known tools/scanners!
Initial/common value of parameter "listUsers" from config.xml is set to "true".
To assess the vulnerability it is enough to change the value to false:
<security> <listUsers>false</listUsers> </security>
// please also include links to already existing OWASP pages!