Ok, here's an example:
CICS TS420 - z/OS 1.13
Your standard CICS LOGON screen, enter your UID, mistakenly tab once rather
than twice, you're in the Groupid field.
Type away and strike enter... here's the SYSLOG entry...
2012264 16:21:50.05 STC00665 00000281 ICH408I USER(ABCDEF1 )
GROUP(PASSWOID) NAME(AULPH, JOSEPH )
090 00000281 LOGON/JOB INITIATION - INVALID
GROUP
I modifed my userid in this cut & paste but I think you can get the point.
It doesn't take a genius to read this error message and then logon as you...
Modifying this LOGON screen is on my list of things to do.. #547 I think..
joe
On Thu, Sep 20, 2012 at 2:20 PM, Greg Schmeelk <[email protected]>wrote:
> I remember seeing passwords roll up the console and be recorded in the
> SYSLOG all the time, in the bad old MVS/XA days. Every time someone
> accidentally typed their password instead of their user id in the user id
> field, it would send a message that the user was not defined, which would
> be their password... then you could see them correct the mistake and log
> on, thereby getting the user id.
>
> Haven't seen that in a very long time and I don't know when they fixed it,
> but a lot of fun and free wheeling stuff happened back then, especially on
> the old minicomputers of a defunct equipment company that I should not
> mention by name here. :-)
>
> Greg Schmeelk
> Sr. Systems Programmer
> J.B. Hunt Transport Services Inc.
> Cell: 678-416-2358
> E-Mail: [email protected]
>
>
>
> From: Elardus Engelbrecht <[email protected]>
> To: [email protected]
> Date: 09/18/2012 09:21 AM
> Subject: Re: z/OS SYSLOG - why not let everybody read?
> Sent by: IBM Mainframe Discussion List <[email protected]>
>
>
>
> Ed Gould wrote:
>
> >1. I have seen passwords on the syslog.
>
> Can you show any example(s) of such messages? Of course you can mask out
> the passwords before posting. ;-)
> Was that by design [1] or by operator error? Was that a verbatim copy of
> some command?
>
> Groete / Greetings
> Elardus Engelbrecht
>
> [1] - I mentioned in May 2012 that a 3th party product can show passwords
> for debugging purpose.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
--
Joe Aulph,
Senior Systems Programmer
State of Florida:
Northwood Shared Resource Centre
850-487-8945
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
