RE: Re: Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2016-0287. (2016.06.28)

Followed the link. Read the notes. Made relatively educated or uneducated assumption based on what I think I know :-)

Regards,


Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802
w. helpsystems.com


------------------------------

message: 2
date: Wed, 29 Jun 2016 11:27:25 -0400
from: Jim Franz <franz9000@xxxxxxxxx>
subject: Re: Security Bulletin: IBM i Access for Windows affected by
vulnerability CVE-2016-0287. (2016.06.28)

Has anyone loaded the new service pack yet?

Richard - is your statement about the registry based on observation or
assumption? (offline response if preferred).
Matt - I don't think anyone should be detailing an exploit in a public
forum (to answer your question). IBM certainly won't.

Jim Franz

On Tue, Jun 28, 2016 at 2:08 PM, Richard Schoen <
Richard.Schoen@xxxxxxxxxxxxxxx> wrote:

Looks to me like IBMi access is maybe storing passwords unencrypted in the
registry.

If your .Net app stores it's own user/password info I wouldn't think you
would have an issue.

Just my interpretation.

I never store IBM i access passwords except encrypted in my apps.

Regards,


Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802
w. helpsystems.com