RE: Re: Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2016-0287. (2016.06.28) -- MIDRANGE-L

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

Followed the link. Read the notes. Made relatively educated or uneducated assumption based on what I think I know :-)

Regards,

Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802
w. helpsystems.com

------------------------------

message: 2
date: Wed, 29 Jun 2016 11:27:25 -0400
from: Jim Franz <franz9000@xxxxxxxxx>
subject: Re: Security Bulletin: IBM i Access for Windows affected by
vulnerability CVE-2016-0287. (2016.06.28)

Has anyone loaded the new service pack yet?

Richard - is your statement about the registry based on observation or
assumption? (offline response if preferred).
Matt - I don't think anyone should be detailing an exploit in a public
forum (to answer your question). IBM certainly won't.

Jim Franz

On Tue, Jun 28, 2016 at 2:08 PM, Richard Schoen <
Richard.Schoen@xxxxxxxxxxxxxxx> wrote:

Looks to me like IBMi access is maybe storing passwords unencrypted in the
registry.

If your .Net app stores it's own user/password info I wouldn't think you
would have an issue.

Just my interpretation.

I never store IBM i access passwords except encrypted in my apps.

Regards,

Richard Schoen
Director of Document Management
e. richard.schoen@xxxxxxxxxxxxxxx
p. 952.486.6802
w. helpsystems.com

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.