How to disable disableCheckUsername in Portal

Document ID : KB000010512
Last Modified Date : 14/02/2018
Show Technical Document Details

Any person who got access to portal URL can collect data regarding portal users. 

Without any credentials, an attaker can use /register/check/username API, that returns 

"The name seenu is already in use, please choose something else" 

in case when use is already exists. 


Use the GUI to edit the file. 

1. In a browser use http://<portal>/admin (login using admin account) 

2. click on workspace --> Content items --> System --> conf 

3. Choose the edit button next to properties.xml 

4. Change <Property name="disableCheckUsername" value="no" /> 


<Property name="disableCheckUsername" value="yes" /> 

5. Choose Save 

6. To publish this file, click on the green arrow next to properties.xml 

7. restart portal (service apiportal restart) 

Now check http://<portal>/register/check/username?username=admin 

This will throw a page cannot be displayed error.