91706

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021418

SI60523

https://www.tenable.com/security/research/tra-2016-18

The client software for the IBM iSeries system can automatically connect to an iSeries system without prompting for user credentials.
It does so by storing a default user and its associated password in the registry. The password is protected by a weak encoding algorithm and a known key. A remote attacker can exploit this by accessing the encoded password value in the registry, allowing the attacker to recover the password in plaintext.

CVE-2016-0287

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins