From: Brian O'Berry (brian@zen-data.com)
Date: Sun Jul 07 2002 - 08:20:26 EDT
I consulted a mainframe buddy of mine, who sent the info below. If the
shop is running RACF as its security manager, you can try logging into
TSO with userid IBMUSER password SYS1.
Hope this helps,
Brian
The primer userid that IBM supplies is IBMUSER and in fact it is hard
coded into RACF. If you delete it RACF will add it back at the next
IPL. IBMUSER comes out of the factory with RACF SYSTEM SPECIAL ready to
be used to configure your system. Most sites pull the teeth of IBMUSER
by removing any authority after they bootstrap RACF and REVOKEing it but
it may remain enabled with the default password if someone forget
AUDITing 101. It certainly is a default account. At least in old school
shops it's unlikely this would ever be left open as an exploit. In new
age shops that might be deploying z/OS.e just to support the new
workloads like Wehsphere and where an mainframe audit is not (yet) an
annual event it might just be left open if they did not get a good
consultant.
You can find the current z/OS Security Server nee RACF book shelf here
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/Shelves/ICHZBK21
Here is where you can find specific documentation that points IBMUSER
and it's default password (SYS1)
in the System Administrator's Guide.
CICS at the current level is a another story. Since CICS no longer
supports internal security it requires an external security manager IBM
RACF/CA-Top-Secret,CA-ACF2 CICS itself does not have any default users.
Many shops do wind up using the IBM samples and seeing an id called
CICSUSER is not uncommon. CICSTEST,CICSPROD after also likely to be
present in more than a few shops just by the way people seem to think.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT