GETENTRY exposes old passwords
search cancel

GETENTRY exposes old passwords


Article ID: 111422


Updated On:


VM:Secure for z/VM


GETENTRY without the undocumented WITHPASS option masks the current passwords on the USER, IDENTITY, and MDISK statements, and removes the *PW00= record, but it leaves the old password records (*PW01=, *PW02=, etc) intact. It should scrub the password history statements unless WITHPASS is used.


Component: VMX


VM:Secure PTF SO05000 corrects this problem/exposure.
GETENTRY now correctly removes all password history records (*PWnn=) from the returned directory entry, whereas previously only the record(s) for the current password (*PW00=) were removed.


Additional Information

When/if REPENTRY is done for the GETENTRY item, any/all password history records are restored to the replaced entry from the original copy of the entry on the VM:Secure directory disk (1B0), so the existing password history (maintained by VM:Secure) remains intact for the entry.
If *PWnn records exist in the replacement copy of the entry, they are removed and replaced by the information on the 1B0.