×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
And, everybody and their brother peddles a product that will tell
you user profiles with easy passwords. Obviously they've figured out a
hack.
Can't speak for how others do it, but if I was going to do it, it's
relatively simple. Since you can retrieve the encrypted (er, hashed)
password via the QSYRUPWD API, and since that API is specifically
designed to allow you to move the password to another machine it follows
that the hash isn't machine specific. Therefore, on my machine I could
take a list of, say, 10,000 "easy" passwords and for each one, change a
user profile to have that password, and then retrieve the encrypted
password via the api. When I was done I'd have a x-ref between encrypted
passwords and their original value. Then on any other machine I could
retrieve the encrypted password from a profile and compare it to my
list. If it's in my list then you have an "easy" password.
-Walden
--
Walden H Leverich III
Tech Software
(516) 627-3800 x3051
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com
Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
midrange.com
