I remember seeing passwords roll up the console and be recorded in the SYSLOG all the time, in the bad old MVS/XA days. Every time someone accidentally typed their password instead of their user id in the user id field, it would send a message that the user was not defined, which would be their password... then you could see them correct the mistake and log on, thereby getting the user id.
Haven't seen that in a very long time and I don't know when they fixed it, but a lot of fun and free wheeling stuff happened back then, especially on the old minicomputers of a defunct equipment company that I should not mention by name here. :-) Greg Schmeelk Sr. Systems Programmer J.B. Hunt Transport Services Inc. Cell: 678-416-2358 E-Mail: [email protected] From: Elardus Engelbrecht <[email protected]> To: [email protected] Date: 09/18/2012 09:21 AM Subject: Re: z/OS SYSLOG - why not let everybody read? Sent by: IBM Mainframe Discussion List <[email protected]> Ed Gould wrote: >1. I have seen passwords on the syslog. Can you show any example(s) of such messages? Of course you can mask out the passwords before posting. ;-) Was that by design [1] or by operator error? Was that a verbatim copy of some command? Groete / Greetings Elardus Engelbrecht [1] - I mentioned in May 2012 that a 3th party product can show passwords for debugging purpose. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
