Answer
By default GMS stores passwords in an encrypted form within the Registry. To comply with certain countries’ export controls, GMS uses a weak password encryption algorithm when encrypting these codes. To prevent dictionary attacks against user passwords, GMS increments a time delay for each failed logon attempt.
If the system admin has setup a password expiry period for a particular account, GMS will send two "reminder" messages. The first is sent 15 days before the expiry time is reached. The second message is a warning that your account password will expire in 2 days.
By using a remote terminal emulator such as "Telnet", it is possible to obtain information on any GMS server if password protection is not used. The information that can be retrieved can include the number of accounts on the system, the server up time, etc…
After the three way connection handshake has completed, you would issue the STAT command. Some administrators do not consider this a security breach and therefore allow this command without the use of a password.
This can be configured via the admin interface…Incoming > Miscellaneous
See Also:
Keywords:password protection security