A recent problem with the QDSIGNON screen could potentially leave user profiles and passwords unencrypted in working memory. Using a simple 17-line RPG program, it's possible to capture the user ID and password of the last user to sign on to the subsystem. The danger is that the user name and password of the last user who signed on to the system can be viewed in clear text.
 
IBM promptly released PTFs that will fix this problem for all supported (and several nonsupported) releases. The OS/400 releases and their PTFs are as follows:
 
V4R5M0 - SF62896
V4R4M0 - SF62895
V4R3M0 - SF62894
V4R2M0 - SF62946
V4R1M4 - SF62945
V4R1M0 - SF62944
V3R2M0 - SF62947
 
IBM is extremely protective of password security and responded quite rapidly to this security hole. You are strongly urged to load these PTFs or their successors to your system as soon as possible. As of this article's publication, there are no plans to issue PTFs for other OS/400 releases. If you are currently running any other OS/400 release, this issue alone should be reason enough to move forward.
 