IBM iSeries Cached Passwords

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

At least one password is stored in the registry by the client software
for the IBM iSeries system.

Description :

The client software for the IBM iSeries system can automatically
connect to an iSeries system without prompting for user credentials.
It does so by storing a default user and its associated password in
the registry. The password is protected by a weak encoding algorithm
and a known key. A remote attacker can exploit this by accessing the
encoded password value in the registry, allowing the attacker to
recover the password in plaintext.

See also :

Solution :

Upgrade to IBM iSeries version 7.1 service pack SI60523 or later.

Risk factor :

Low / CVSS Base Score : 2.1

Family: Windows

Nessus Plugin ID: 57849 ()

Bugtraq ID:

CVE ID: CVE-2016-0287

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now