From a long time memory...
The operator replied a number to an outstanding reply (wrong replay)
If memory serves me there was a request for a checknum something like
"enter check number"
The operator replied 06123456789 (123456789 was the number) and the
program came back with starting check number entered was 123456789
Then the program confirmed it saying is this the number? reply Y or N
------------
The checknum entered was supposed to by highly secure number .
Now the question arises why was it done on the console and of course
it shouldn't have been.
But the program was written 30+ years ago and although violated
(current) standards we could not get the applications people to
change it for anything .
We tried to get auditing to have a go at them and they just said it
was a low priority issue.
I also remember other similar issues (most were fixed over the years
at our request) BTW I did have input into their priority waiting and
it didn't help a lot.
Ed
On Sep 18, 2012, at 9:21 AM, Elardus Engelbrecht wrote:
Ed Gould wrote:
1. I have seen passwords on the syslog.
Can you show any example(s) of such messages? Of course you can
mask out the passwords before posting. ;-)
Was that by design [1] or by operator error? Was that a verbatim
copy of some command?
Groete / Greetings
Elardus Engelbrecht
[1] - I mentioned in May 2012 that a 3th party product can show
passwords for debugging purpose.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
