|
-- We have all of our Mochasoft users set up with pre-defined device names. We have had the problem from one user hitting reset and being able to come in on a QPADEVxxx session which led to the test we did yesterday. Here is the scenario as described by our Systems Administrator in an email to Mochasoft tech support (a different issue that the QPADEVxxx problem). 1) Autoconfig is NOT on in the system value QAUTOCFG of the AS/400. 2) The device is named M15S1 within the config52 file mentioned above. 3) The user was disconnected and the device varied off by OS/400 after 3 invalid signon attempts. 4) The user then selected the 'reset configuration' option from the menu bar. 5) He then clicked on the 'open' icon, and selected one of the 2 IP addresses previously configured. He did not attempt to make any changes to the device name. 6) He got a signon screen with the device name M15S1, even though we did not manually vary the device back on. btw, we dealt with the qpadev... problem by excluding authorization from *public and specifically authorizing only the users who are allowed to use the six device descriptions that have been created. Gary Lea Chuck Morehead <cbmorehead@nokuse.com> on 11/14/2001 11:26:17 AM Please respond to midrange-l@midrange.com To: midrange-l@midrange.com cc: (bcc: Gary Lea/Dextermag) Subject: Re: Mochasoft security hole Gary, Perhaps it is not the same device that is being varied back on. Check the device names. I bet that it is a different virtual device that is being used the second time. This is not a MochaSoft issue, but a general telnet issue. Let me know if this is the problem and I can give you some guide lines. Chuck ----- Original Message ----- From: <glea@dextermag.com> To: <MIDRANGE-L@midrange.com> Sent: Wednesday, November 14, 2001 1:21 PM Subject: Mochasoft security hole > > > We are using Mochasoft for some of our access to the AS/400 both internally and > externally. We have the system set up so that it will vary off the device if > the user keys the incorrect password three times. We tried a little test > yesterday and found that if the user selects "reset terminal" from the "Edit" > drop down menu the device will be varied back on and a signon screen will > reappear! This happens even if the systems administrator has varied off the > device manually. Has anyone else had this experience and if so, how did you > deal with it? > > Gary Lea > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. -- [ att1.eml of type application/octet-stream deleted ] --
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.