On Thu, 18 Aug 2011 14:44:25 +0300 Matan Cohen <matancohen...@gmail.com> wrote:
:>In my previous shop we add TSS instead of RACF . I remember we had a way to :>get a user password but Im not really familiar what was the background :>process. I greatly doubt it. :>Is somebody familiar with a method to get a user password when using RACF ? Dictionary attack. :>I assume RACF DB is holding the DB in hash base on a one way function , but :>I'll also expect that TSS will do the same . :>if it truly so , Ill be interesting on HOW could my previous shop bypass :>the basic security (maybe using Exit to insert the password to protected :>dataset before the HASH) Ill expect from a security product to allow only :>reset of the password and not reviewing of the user password . Why do you need to hack a password? With appropriate privileges you can simply alter the password to a known value - but, then again, you would be logged. -- Binyamin Dissen <bdis...@dissensoftware.com> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html