IBM iSeries Default Password

critical Nessus Plugin ID 57848


The remote host is configured with a default password for an IBM iSeries user account.


The remote IBM iSeries server has a default password set for a well-known user account. An attacker can take advantage of this to log in to the server and take complete control of it.


Change the default password for iSeries accounts.

The CL command ANZDFTPWD can be used to detect user accounts with the default password and can take action to disable the user or set the user's password to 'expired'.

Also, review the 'QMAXSGNACN' and 'QMAXSIGN' system settings.

Plugin Details

Severity: Critical

ID: 57848

File Name: ibmi_default_password.nbin

Version: 1.113

Type: remote

Family: Misc.

Published: 2/6/2012

Updated: 7/17/2023

Risk Information

CVSS Score Rationale: Default credentials


CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:ibm:iseries_as_400

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required