Security Alert - Password problem on AS/400

Hi all

I do not know if it has knowledge of this situation, but if they do not
have, much attention.

AS/400 SECURITY ALERT: Password problem on AS/400
For the longest time everyone thought that there was no way to view
unencrypted passwords from the AS/400.  But recently an enterprising
programmer discovered a problem with the QDSIGNON screen that would briefly
leave User Profiles and passwords unencrypted in working memory.  Through
the use of a deceptively simple 17 line RPG program, the programmer found
that he could capture the User ID and Password of the last user to signon
to the subsystem. The danger in this is that an unscrupulous programmer
could potentially view, in clear text, the User Name and Password of the
last user that signed onto the system.  IBM promptly  released PTF's that
will fix this problem for all supported (and several non-supported)
releases.  The PTF's and their releases are:
   V4R5M0 - SF62896
   V4R4M0 - SF62895
   V4R3M0 - SF62894
   V4R2M0 - SF62946
   V4R1M4 - SF62945
   V4R1M0 - SF62944
   V3R2M0 - SF62947


   IBM has always been extremely protective of password security, and was
   quite rapid in their response.  You are strongly urged to load these
   PTF's, or their successors to your system as soon as possible.


   At this writing I am not aware of any plans to issue PTF's for any other
   release.  If you're currently running any other release, this issue
   alone should be reason enough to move forward.


   Carlos Almeida



+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---