How to disable disableCheckUsername in Portal

Document ID : KB000010512
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Any person who got access to portal URL can collect data regarding portal users. 

Without any credentials, an attaker can use /register/check/username API, that returns 

"The name seenu is already in use, please choose something else" 

in case when use is already exists. 

Instructions:

Use the GUI to edit the file. 

1. In a browser use http://<portal>/admin (login using admin account) 

2. click on workspace --> Content items --> System --> conf 

3. Choose the edit button next to properties.xml 

4. Change <Property name="disableCheckUsername" value="no" /> 

To 

<Property name="disableCheckUsername" value="yes" /> 

5. Choose Save 

6. To publish this file, click on the green arrow next to properties.xml 

7. restart portal (service apiportal restart) 

Now check http://<portal>/register/check/username?username=admin 

This will throw a page cannot be displayed error.