From: Jason Brooks (jbrooks@longwood.edu)
Date: Fri Oct 31 2003 - 16:32:45 EST
Greetings,
I am working for Longwood University's Information Security
Department. We are planning to do some pen-testing on IBM's CICS system on
AIX for password complexity, length, etc. I have been googling for a
password cracker and general information on password storage in
CICS. Having found nothing, I thought I would drop a line out to see if
anyone on pen-test has any insight. My questions:
1) Where does IBM's CICS application store passwords? What is
the format?
2) Is there a password cracker that can work against CICS,
especially a password file, if it exists?
Thanks,
Jason Brooks
Jason Brooks
Information Security Technician
IITS
116 - B Coyner
Longwood University
201 High Street
Farmville, VA 23901
(434) 395-2796
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT