IBM iSeries Default Password

critical Nessus Plugin ID 57848

Synopsis

The remote host is configured with a default password for an IBM iSeries user account.

Description

The remote IBM iSeries server has a default password set for a well-known user account. An attacker can use it to log in to the server and take complete control of it.

Solution

Change the default password for iSeries accounts.

The CL command ANZDFTPWD (Analyze Default Passwords) reports user profiles whose password is still the default (equal to the profile name) and can optionally disable those profiles or set their passwords to 'expired' so the password must be changed at next sign-on.

Also review the 'QMAXSIGN' (maximum sign-on attempts) and 'QMAXSGNACN' (action taken when that limit is reached) system values.
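The remediation steps above as one CL command sequence, as an added example (not text from the plugin page or from IBM). The ANZDFTPWD ACTION values and the DSPSYSVAL/CHGSYSVAL commands are standard IBM i CL; the specific QMAXSIGN and QMAXSGNACN values chosen here are assumptions and should follow local policy.

```cl
/* 1. Report only: list profiles still using the default password       */
/*    (ACTION(*NONE) changes nothing, so run this first and review the   */
/*    spooled report before taking action)                                */
ANZDFTPWD ACTION(*NONE)

/* 2. Force a password change at next sign-on for every profile found.   */
/*    Use ACTION(*DISABLE) instead to disable the profiles outright.      */
ANZDFTPWD ACTION(*PWDEXP)

/* 3. Review the sign-on attempt limit and the action taken on reaching it */
DSPSYSVAL SYSVAL(QMAXSIGN)
DSPSYSVAL SYSVAL(QMAXSGNACN)

/* 4. Assumed hardening values: lock after 3 failed attempts and, on the  */
/*    limit, both vary off the device and disable the profile (value '3').*/
CHGSYSVAL SYSVAL(QMAXSIGN) VALUE('3')
CHGSYSVAL SYSVAL(QMAXSGNACN) VALUE('3')
```

Re-run the Nessus plugin after the change to confirm the finding no longer triggers.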

See Also

http://www.nessus.org/u?724772c7

Plugin Details

Severity: Critical

ID: 57848

File Name: ibmi_default_password.nbin

Version: 1.81

Type: remote

Family: Misc.

Published: 2/6/2012

Updated: 11/8/2021

Dependencies: ibmi_detect.nbin

Risk Information

CVSS Score Source: manual

CVSS Score Rationale: Default credentials

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:ND/RC:ND

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:ibm:iseries_as_400

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required