× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Has anyone loaded the new service pack yet?

Richard - is your statement about the registry based on observation or
assumption? (offline response if preferred).
Matt - I don't think anyone should be detailing an exploit in a public
forum (to answer your question). IBM certainly won't.

Jim Franz

On Tue, Jun 28, 2016 at 2:08 PM, Richard Schoen <
Richard.Schoen@xxxxxxxxxxxxxxx> wrote:

Looks to me like IBMi access is maybe storing passwords unencrypted in the
registry.

If your .Net app stores it's own user/password info I wouldn't think you
would have an issue.

Just my interpretation.

I never store IBM i access passwords except encrypted in my apps.

Regards,


Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802
w. helpsystems.com

------------------------------

message: 2
date: Tue, 28 Jun 2016 15:48:20 +0000
from: Matt Olson <Matt.Olson@xxxxxxxx>
subject: RE: Security Bulletin: IBM i Access for Windows affected by
vulnerability CVE-2016-0287. (2016.06.28)

Does anyone have any information on what this bug is all about. No details
are on the CVE or from IBM.

I'm hoping it's not a remotely exploitable bug in their .NET data driver.


-----Original Message-----
From: Rob Berendt [mailto:rob@xxxxxxxxx]
Sent: Tuesday, June 28, 2016 10:42 AM
To: midrange-l@xxxxxxxxxxxx
Subject: Fw: Security Bulletin: IBM i Access for Windows affected by
vulnerability CVE-2016-0287. (2016.06.28)

Forwarded by Rob Berendt/DEKKO on 06/28/2016 11:40 AM -----

From: IBM My Notifications
To:
Date: 06/28/2016 11:00 AM
Subject: Security Bulletin: IBM i Access for Windows affected by
vulnerability CVE-2016-0287. (2016.06.28)

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.