Default passwords and the dangers they pose

What are default passwords ?

Default passwords can be either the system delivered default password or a password that’s exactly the same as the username.

IBM i comes with a couple of ‘service users’ that are used for applications such as the HTTP server, WebSphere application server, dial-home, and much more. Some of these users have never been changed and are lurking to be misused in many ways.

Additionally, over the years users have been created that have the same password as the user and have never been changed.

Why should you care?

Well suppose we have our end-user Eddy. His user profile is called EDDY. And of course, his password is EDDY as well. And for the sake of convenience, we just copied another profile with security officer rights to make this profile.
This is dangerous as this profile has the rights to do almost everything on the system, including deleting whatever they want.
Oh and did I mention that Eddy is no longer working for the firm but his user profile is still enabled and can be misused at any time ?

Be aware!

The good news is, there’s a very handy little command that can give you a nice overview of the user profiles that have default passwords. The command is called ANZDFTPWD. This will give you a list of all the user profiles on your system that have default password and whether they are enabled or not.

Try it out

Try the command out and have a look on your system. It takes only a few seconds and you may have some user profiles with default password that you weren’t even aware of.

A real life example

Below you will find a real example of such a list. For security and privacy reasons I have blanked out the user profiles and system name. Yet, there were 26 user profiles with default passwords, 24 users were still enabled and 11 of them had *SECOFR rights. Talking about a dangerous situation.

Generated by Feedzy