AS400 and Windows 95

On Monday, April 26, 1999, 01:01 PM, Sandy Howard wrote: I recently was informed about the security problem with Windows 95 run command and the AS400. I wouldn't have believed it until I saw it with me own eyes. Has anyone heard of a way to combat this problem. Thanks, Sandy

---

Do you have some more details????......

 
Bob Hamilton TEXAS BUSINESS SYSTEMS 736 Pinehurst Richardson, Texas 75080 
 

AS400 and Windows 95

From the Windows run command line, by typing rmtcmd and then the AS400 command, you can run any 400 command without a login. In testing this I changed a Profile to QSECOFR and then reset the password. Worked like a charm. Whats more there is no log entry and it won't show up in auditing. It uses TCP/IP to slip in and make the change. Who ever found it posted it on several Hacker web sites, so I guess the secret is out.

AS400 and Windows 95

On Tuesday, April 27, 1999, 12:53 PM, Sandy Howard wrote: From the Windows run command line, by typing rmtcmd and then the AS400 command, you can run any 400 command without a login. In testing this I changed a Profile to QSECOFR and then reset the password. Worked like a charm. Whats more there is no log entry and it won't show up in auditing. It uses TCP/IP to slip in and make the change. Who ever found it posted it on several Hacker web sites, so I guess the secret is out.

---

While you can indeed bypass the login screen, this is only a byproduct of setting a default user profile and password in Client Access. Any commands run, do so under that profile. You can't do anything you couldn't do otherwise. For example, you can't change passwords unless your default user has *SECADM capabilities. If your regular users have *SECADM capabilities (which are required in order to change passwords), then you have some serious security problems to start with. The point? If you let client access log in for you, people can indeed fire up your machine and get in "as you". If you have a PC which autologs someone as QSECOFR (or any user with *SECADM), then you might want to do a thorough security housecleaning. src="//www.zappie.net/java/_derived/index.htm_cmp_zero110_vbtn_p.gif" width="140" height="60" border="0" alt="Zappie's Java Home" align="middle"> Zappie! - where the AS/400 speaks Java - with an RPG acce

AS400 and Windows 95

On Tuesday, April 27, 1999, 02:26 PM, Joe Pluta wrote: On Tuesday, April 27, 1999, 12:53 PM, Sandy Howard wrote: From the Windows run command line, by typing rmtcmd and then the AS400 command, you can run any 400 command without a login. In testing this I changed a Profile to QSECOFR and then reset the password. Worked like a charm. Whats more there is no log entry and it won't show up in auditing. It uses TCP/IP to slip in and make the change. Who ever found it posted it on several Hacker web sites, so I guess the secret is out.

---

While you can indeed bypass the login screen, this is only a byproduct of setting a default user profile and password in Client Access. Any commands run, do so under that profile. You can't do anything you couldn't do otherwise. For example, you can't change passwords unless your default user has *SECADM capabilities. If your regular users have *SECADM capabilities (which are required in order to change passwords), then you have some serious security problems to start with. The point? If you let client access log in for you, people can indeed fire up your machine and get in "as you". If you have a PC which autologs someone as QSECOFR (or any user with *SECADM), then you might want to do a thorough security housecleaning. src="//www.zappie.net/java/_derived/index.htm_cmp_zero110_vbtn_p.gif" width="140" height="60" border="0" alt="Zappie's Java Home" align="middle"> Zappie! - where the AS/400 speaks Java - with an RPG acce This is correct. I have CA 3.1.3 and Beta 4.4.0 and on either system you need to supply user ID and password whenever running RMTCMD. The only time this "security exposure" becomes an issue is, as Joe mentions, if you had signed on to the system previously.

Maybe there is something missing in this "Hacker Report" :-) BTW Joe, your message seems to be truncated at "...- with an RPG acce" When two go together one sees before the other.

AS400 and Windows 95

On Tuesday, April 27, 1999, 03:06 PM, Felipe wrote: BTW Joe, your message seems to be truncated at "...- with an RPG acce"

---

Yup... I have to shorten the message two characters, like so: src="//www.zappie.net/java/_derived/index.htm_cmp_zero110_vbtn_p.gif" width="140" height="60" border="0" alt="Zappie's Java Home" align="middle"> Zappie! - where the AS/400 speaks Java with an RPG accent

AS400 and Windows 95

On Tuesday, April 27, 1999, 12:53 PM, Sandy Howard wrote: From the Windows run command line, by typing rmtcmd and then the AS400 command, you can run any 400 command without a login. In testing this I changed a Profile to QSECOFR and then reset the password. Worked like a charm. Whats more there is no log entry and it won't show up in auditing. It uses TCP/IP to slip in and make the change. Who ever found it posted it on several Hacker web sites, so I guess the secret is out.

---

This isn't quite true. Your password must have been processed by Client Access prior to the start of a connection (either SNA or TCP/IP). Wither a sign-on with password was given to CA (or orther connection software), or it was stored when setting up CA. In either case, the logon has been acheived prior to running RMTCMD. This does not excuse those who walk away from their desks leaving their PCs available and completely signed on for any hacker to use. Breaking into secured access is easy, when the user (wittingly or unwittingly) does it for you. David Abramowitz

AS400 and Windows 95

Thanks Guys for easing my mind. I took out my default login and that wonderful gray security box appeared. I work for a company that the AS400 is considered second string to Unix and Intel. So far I have kept the 400 shining but this one catch me off guard. Now I am back on top again! Thanks Again!!