Re: Profiles with Default Password -- MIDRANGE-L

Subject: Re: Profiles with Default Password
From: rob@xxxxxxxxx
Date: Fri, 27 Aug 2010 13:05:00 -0400
List-archive: <http://archive.midrange.com/midrange-l>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

Obviously Alan by now you have seen a plethora of responses about
ANZDFTPWD. Is that a big security breach? Heck no, any person can write
an api that tries to get a profile handle on SMITH SMITH or ROB ROB. It
if works then the person has a default password. Now, there may be more
to it if the person is expired and ensuring you have the right failure
reason.

There are also utilities to check against simple passwords.

I wonder if invalid attempts to get a profile handle count against
"invalid sign on attempts".

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.