IBM iSeries Default Password

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is configured with a default password for an IBM
iSeries user account.

Description :

The remote IBM iSeries server has a default password set for a well-
known user account. An attacker can take advantage of this to login
to the server and take complete control of the server.

See also :

http://www.nessus.org/u?724772c7

Solution :

Change the default password for iSeries accounts.

The CL command ANZDFTPWD can be used to detect user accounts with
the default password and can take action to disable the user or set
the user's password to 'expired'.

Also, review the 'QMAXSGNACN' and 'QMAXSIGN' system settings.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 10.0
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 57848 ()

Bugtraq ID:

CVE ID: