× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2000

Re: RMTCMD Anomaly????

  • Subject: Re: RMTCMD Anomaly????
  • From: "Richard J. Serrano" <rjs@xxxxxxxxxxxx>
  • Date: Thu, 18 May 2000 15:17:56 -0700
  • Organization: Palace Guard Software
 
You have definitely discovered a security hole!
Secure/Net (exit point security & network access control software) can help you 
with this, and
other, security gaps...

www.pgsas400.com

Richard J. Serrano
Palace Guard Software

----- Original Message -----
From: Mark Allen <markallen@kellyskids.com>
To: 'MIDRANGE-L <MIDRANGE-L@midrange.com>
Sent: Thursday, May 18, 2000 10:16 AM
Subject: RMTCMD Anomaly????


I think I have found a potential "hole" but maybe I am missing something,
and one of the "experts" out here can help.

Scenario1:

Sign on to Microsoft Windows with User=Mark (same as 400 user id) and no
password (I know bad, but......)

At this point no Client Access session program has been started from client
PC.

Do RMTCMD /I d:\web\Command.lst

Commands execute as specified but no AS/400 sign on is required.


If I do a DSPLOG after executing command I see


                         Additional Message Information

 Message ID . . . . . . :   CPIAD0B       Severity . . . . . . . :   00
 Message type . . . . . :   Information
 Date sent  . . . . . . :   05/18/00      Time sent  . . . . . . :
12:04:09

 Message . . . . :   *SIGNON server job 704972/QUSER/QZSOSIGN processing
   request for user MARK on 05/18/00 12:04:09 in subsystem QSYSWRK in QSYS.
 Cause . . . . . :   The *SIGNON server is processing request 1 for user
MARK.
   The types of requests supported are as follows:
     1 -- Retrieve Signon Information
     2 -- Change Password


Other msg's that appear:

*SIGNON server job 704972/QUSER/QZSOSIGN processing request for user MARK on
Job 704981/QUSER/QZSCSRVS started on 05/18/00 at 12:04:12 in subsystem
QSYSWR
Servicing job 704974/QUSER/QZSCSRVS for user MARK on 05/18/00 12:04:12 in
sub
Job 704982/QUSER/QZSCSRVS started on 05/18/00 at 12:04:12 in subsystem
QSYSWR

If I sign on to my PC as HACKER (BTW not a valid AS/400 signon) and try the
rmtcmd I get the Client Access pop up window asking for userid and password.

Short of requiring/enforcing every one to have Windows passwords is there
any other way to restrict RMTCMD??
I do want specific user profiles to be able to execute w/o having to sign on
to the as/40 (i.e. scheduled running of .BAT at specified time from a PC).


Mark Allen
IS Manager
Kelly's Kids
markallen@kellyskids.com



+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.