SynopsisThe remote host is configured with a default password for an IBM iSeries user account.
DescriptionThe remote IBM iSeries server has a default password set for a well- known user account. An attacker can take advantage of this to login to the server and take complete control of the server.
SolutionChange the default password for iSeries accounts.
The CL command ANZDFTPWD can be used to detect user accounts with the default password and can take action to disable the user or set the user's password to 'expired'.
Also, review the 'QMAXSGNACN' and 'QMAXSIGN' system settings.