|
midrange.com
--
We have all of our Mochasoft users set up with pre-defined device names. We
have had the problem from one user hitting reset and being able to come in on a
QPADEVxxx session which led to the test we did yesterday. Here is the scenario
as described by our Systems Administrator in an email to Mochasoft tech support
(a different issue that the QPADEVxxx problem).
1) Autoconfig is NOT on in the system value QAUTOCFG of the AS/400.
2) The device is named M15S1 within the config52 file mentioned above.
3) The user was disconnected and the device varied off by OS/400 after 3
invalid signon attempts.
4) The user then selected the 'reset configuration' option from the menu
bar.
5) He then clicked on the 'open' icon, and selected one of the 2 IP
addresses previously configured. He did
not attempt to make any changes to the device name.
6) He got a signon screen with the device name M15S1, even though we did
not manually vary the device back on.
btw, we dealt with the qpadev... problem by excluding authorization from *public
and specifically authorizing only the users who are allowed to use the six
device descriptions that have been created.
Gary Lea
Chuck Morehead <cbmorehead@nokuse.com> on 11/14/2001 11:26:17 AM
Please respond to midrange-l@midrange.com
To: midrange-l@midrange.com
cc: (bcc: Gary Lea/Dextermag)
Subject: Re: Mochasoft security hole
Gary,
Perhaps it is not the same device that is being varied back on. Check the
device names. I bet that it is a different virtual device that is being
used the second time. This is not a MochaSoft issue, but a general telnet
issue. Let me know if this is the problem and I can give you some guide
lines.
Chuck
----- Original Message -----
From: <glea@dextermag.com>
To: <MIDRANGE-L@midrange.com>
Sent: Wednesday, November 14, 2001 1:21 PM
Subject: Mochasoft security hole
>
>
> We are using Mochasoft for some of our access to the AS/400 both
internally and
> externally. We have the system set up so that it will vary off the device
if
> the user keys the incorrect password three times. We tried a little test
> yesterday and found that if the user selects "reset terminal" from the
"Edit"
> drop down menu the device will be varied back on and a signon screen will
> reappear! This happens even if the systems administrator has varied off
the
> device manually. Has anyone else had this experience and if so, how did
you
> deal with it?
>
> Gary Lea
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
[ att1.eml of type application/octet-stream deleted ]
--
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
