Good idea on the ANZDFTPWD.  On our development machine:
Message . . . . :   49 user profiles have default passwords of which 6 have
  the status of *ENABLED.
Cause . . . . . :   There are 49 user profiles on the system with default
  passwords. Of the profiles with default passwords, 6 currently have the
  status of *ENABLED.
Recovery  . . . :   If there are any user profiles with default passwords,
  enter the Work with Spooled Files (WRKSPLF) command and display the spool
  file QPSECPWD to determine which profiles have a default password.

Good thing that command ships with *PUBLIC *EXCLUDE.

Rob Berendt
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
Benjamin Franklin



From: Jim Langston <jlangston@celsinc.com>
Sent by: midrange-l-admin@midrange.com
Date: 02/25/2002 02:54 PM
Please respond to: midrange-l
To: "'midrange-l@midrange.com'" <midrange-l@midrange.com>
cc:
Fax to:
Subject: Re: BugTraq Exploit for OS/400

I run Analyze Default Passwords (ANZDFTPWD), a part of OS/400 Security Tools
every other month or so.  This is a part of AS/400, not sure if Security
Tools is still an add on or included.

I will also list user profiles and look at the date last signed on, and if
it's over a month see if we need to delete the account.

My goal being: Only user profiles that are actually required being in the
system and user profiles not having default passwords.

I do not like the limit of 10 character passwords, and really wish it was
more like 32 characters, but not much I can do about that.

Regards,

Jim Langston

And what would be the workaround(s)?

...I know that many of the software products, like
Pentasafe, and maybe PowerTools, have options in there to list users whose
passwords match their user profiles...

Rob Berendt
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.