Re: Default passwords for TSO and CICS ?

From: Brian O'Berry (brian@zen-data.com)
Date: Sun Jul 07 2002 - 05:20:26 PDT

Next message: helmut schmidt: "BEAWeblogic Java/RMI Application PenTest"

Previous message: Evrim ULU: "Re: blind demodulation - sound card - lucent winmodem - new topics"
Maybe in reply to: Rainer Duffner: "Default passwords for TSO and CICS ?"
Next in thread: Shane Miller: "RE: Default passwords for TSO and CICS ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I consulted a mainframe buddy of mine, who sent the info below. If the
shop is running RACF as its security manager, you can try logging into
TSO with userid IBMUSER password SYS1.

Hope this helps,

Brian

The primer userid that IBM supplies is IBMUSER and in fact it is hard
coded into RACF. If you delete it RACF will add it back at the next
IPL. IBMUSER comes out of the factory with RACF SYSTEM SPECIAL ready to
be used to configure your system. Most sites pull the teeth of IBMUSER
by removing any authority after they bootstrap RACF and REVOKEing it but
it may remain enabled with the default password if someone forget
AUDITing 101. It certainly is a default account. At least in old school
shops it's unlikely this would ever be left open as an exploit. In new
age shops that might be deploying z/OS.e just to support the new
workloads like Wehsphere and where an mainframe audit is not (yet) an
annual event it might just be left open if they did not get a good
consultant.

You can find the current z/OS Security Server nee RACF book shelf here

http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/Shelves/ICHZBK21

Here is where you can find specific documentation that points IBMUSER
and it's default password (SYS1)
in the System Administrator's Guide.

http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ICHZA720/8.2?SHELF=ICHZBK21&DT=20020109124747

CICS at the current level is a another story. Since CICS no longer
supports internal security it requires an external security manager IBM
RACF/CA-Top-Secret,CA-ACF2 CICS itself does not have any default users.
Many shops do wind up using the IBM samples and seeing an id called
CICSUSER is not uncommon. CICSTEST,CICSPROD after also likely to be
present in more than a few shops just by the way people seem to think.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: helmut schmidt: "BEAWeblogic Java/RMI Application PenTest"
Previous message: Evrim ULU: "Re: blind demodulation - sound card - lucent winmodem - new topics"
Maybe in reply to: Rainer Duffner: "Default passwords for TSO and CICS ?"
Next in thread: Shane Miller: "RE: Default passwords for TSO and CICS ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 07 2002 - 14:53:12 PDT