AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
IBM AIX Remote Login Disable Password Verification Disclosure
Remote / Network Access
Loss of Confidentiality
IBM AIX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker attempts to log in to an account which has remote login disabled. If the userid and password combination is correct, the operating system responds with a message saying that remote logins are disabled; an incorrect combination produces a different message. The attacker can thus brute-force or verify a password, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): implement better password policies making it harder to guess passwords, or refrain from disabling remote login.
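The oracle described above, modelled as an added example (not AIX's own code; the account table, message strings and hashing are constructed assumptions): the vulnerable handler only consults the remote-login flag after the password has already been verified, so its reply differs with password correctness, while the hardened handler returns one generic message for both cases and records the real reason server-side. `leaks_password_validity` is the check an administrator would run against their own login path.

```python
"""Toy model of a remote-login message oracle and a hardened handler."""
import hashlib
import hmac
import logging
import os

log = logging.getLogger("login")

GENERIC_FAILURE = "Invalid login name or password."          # constructed text
REMOTE_DISABLED = "Remote logins are not allowed for this account."  # constructed


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


# Constructed account table: account "svc" has remote login disabled.
_SALT = os.urandom(16)
ACCOUNTS = {"svc": {"salt": _SALT, "hash": _hash("correct horse", _SALT), "rlogin": False}}


def vulnerable_login(user: str, password: str) -> str:
    """Mirrors the flaw: the rlogin check runs only after a successful
    password check, so the reply reveals whether the password was right."""
    acct = ACCOUNTS.get(user)
    if acct is None or not hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"]):
        return GENERIC_FAILURE
    if not acct["rlogin"]:
        return REMOTE_DISABLED
    return "Welcome."


def hardened_login(user: str, password: str) -> str:
    """Always hashes the supplied password (uniform cost even for unknown
    users), then returns the same generic message for a wrong password and
    for a disabled account; the real reason goes to the server-side log."""
    acct = ACCOUNTS.get(user)
    salt = acct["salt"] if acct else b"\x00" * 16
    expected = acct["hash"] if acct else b"\x00" * 32
    ok = hmac.compare_digest(_hash(password, salt), expected)
    if acct is None or not ok:
        log.warning("login failed for %r: bad credentials", user)
        return GENERIC_FAILURE
    if not acct["rlogin"]:
        log.warning("login refused for %r: remote login disabled", user)
        return GENERIC_FAILURE
    return "Welcome."


def leaks_password_validity(handler, user: str, good: str, bad: str) -> bool:
    """Defender's check: does the reply change with password correctness?"""
    return handler(user, good) != handler(user, bad)
```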