IBM iSeries Cached Passwords

Low Nessus Plugin ID 57849


At least one password is stored in the registry by the client software for the IBM iSeries system.


The client software for the IBM iSeries system can automatically connect to an iSeries system without prompting for user credentials.
It does so by storing a default user and its associated password in the registry. The password is protected by a weak encoding algorithm and a known key. A remote attacker can exploit this by accessing the encoded password value in the registry, allowing the attacker to recover the password in plaintext.


Upgrade to IBM iSeries version 7.1 service pack SI60523 or later.

See Also

Plugin Details

Severity: Low

ID: 57849

File Name: ibmi_cached_password.nbin

Version: $Revision: 1.77 $

Type: local

Agent: windows

Family: Windows

Published: 2012/02/06

Modified: 2018/02/06

Dependencies: 13855

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ibm:client_access

Required KB Items: SMB/Registry/Enumerated

Patch Publication Date: 2016/06/27

Vulnerability Publication Date: 2016/06/27

Reference Information

CVE: CVE-2016-0287

OSVDB: 140554

TRA: TRA-2016-18