Stealing Passwords with UDDS

User Defined Data Streams (UDDS) can be used to deliver and administer data to a display workstation, much like a program-described printer file, but for display files.

By using UDDS it is possible to capture the entire contents of a screen into a variable.

If a program designed to do just that were run against the Sign-On screen, the User Profile name and Password would be captured!


The technique for capturing screen images is described in the Tips and Techniques section of this site.

If the technique employed in the program GETDSP (detailed in Tips and Techniques) is included in a program that is launched as a routing entry program on an interactive sub-system, the user profile and associated password will be captured in plain view.

A sample program to capture passwords at Sign-On

The remedy for this situation is to ensure that, if you are using non-standard routing entry programs, they do not include programs that use UDDS to capture the screen image at sign-on.
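One way to start that review, as an added example that is not part of the original page or Sentinex code: the script below reads a list of routing entries for interactive subsystems and flags every entry whose program is not on a baseline of expected routing programs, so those programs can be inspected. The CSV layout, the sample rows and the baseline set are assumptions; build the real list from your own subsystem descriptions (for example from DSPSBSD output).

```python
import csv
import io

# Assumed baseline of expected routing programs (library, program).
# Adjust it to what your own subsystem descriptions should contain.
BASELINE = {("QSYS", "QCMD"), ("QSYS", "QARDRIVE"), ("QSYS", "QCL")}

# Constructed sample data: one row per routing entry. Column names are hypothetical.
SAMPLE_EXPORT = """\
subsystem_library,subsystem,seq,compare_value,program_library,program
QSYS,QINTER,10,QCMDI,QSYS,QCMD
QSYS,QINTER,40,525XTEST,QSYS,QARDRIVE
QSYS,QINTER,9999,*ANY,QSYS,QCMD
MYLIB,INTER2,50,*ANY,MYLIB,SIGNONX
MYLIB,INTER2,9999,*ANY,*LIBL,QCMD
"""


def audit_routing_entries(export_text, baseline=BASELINE):
    """Return (entry, program, reason) for each routing entry needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        lib = row["program_library"].strip().upper()
        pgm = row["program"].strip().upper()
        entry = "{}/{} seq {}".format(
            row["subsystem_library"].strip(), row["subsystem"].strip(), row["seq"].strip()
        )
        if lib in ("*LIBL", "*CURLIB"):
            # Not library-qualified: which object runs depends on the library
            # list, so the entry cannot be matched against the baseline.
            findings.append((entry, lib + "/" + pgm, "program not library-qualified"))
        elif (lib, pgm) not in baseline:
            # Non-standard routing entry program: review what it does at sign-on.
            findings.append((entry, lib + "/" + pgm, "non-standard routing program"))
    return findings


if __name__ == "__main__":
    for entry, program, reason in audit_routing_entries(SAMPLE_EXPORT):
        print(entry, program, reason, sep="  |  ")
```

Each flagged program still has to be reviewed by hand; the script only narrows down which routing entries run something other than the expected programs.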

Sentinex Inc.
379 Hamilton Drive
Stewartsville, NJ, 08886

Telephone: (800) 822 1004
Outside USA: (908) 213 8650
FAX: (908) 213 8652
e-Mail: info@sentinex.com
Member of PartnerWorld for Developers
IBM is a registered trademark of IBM Corporation.