GETENTRY without the undocumented WITHPASS option masks the current passwords on the USER, IDENTITY, and MDISK statements, and removes the *PW00= record, but it leaves the old password records (*PW01=, *PW02=, etc.) intact. It should scrub the password history statements unless WITHPASS is used.
Environment
Release: Component: VMX
Resolution
VM:Secure PTF SO05000 corrects this problem/exposure. GETENTRY now correctly removes all password history records (*PWnn=) from the returned directory entry, whereas previously only the record(s) for the current password (*PW00=) were removed.
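To confirm the corrected behaviour on a given system, the text returned by GETENTRY can be scanned for leftover *PWnn= records. The check below is an added example, not part of VM:Secure or of the original article. It assumes the entry has been saved as plain text and that each password record is a line beginning with *PWnn=; the sample entries in it are constructed.

```python
import re

# Assumption: a password record is one line beginning "*PWnn=" (nn = two digits),
# following the *PW00=, *PW01=, *PW02= names used in the article.
PW_RECORD = re.compile(r"^\*PW(\d{2})=")

def password_records(entry_text):
    """Return sorted record numbers of all *PWnn= lines; values are never returned."""
    found = set()
    for line in entry_text.splitlines():
        match = PW_RECORD.match(line.strip())
        if match:
            found.add(int(match.group(1)))
    return sorted(found)

def classify(entry_text):
    """Classify GETENTRY output by which password records are still in it."""
    numbers = password_records(entry_text)
    if not numbers:
        return "clean"                   # behaviour described for the corrected GETENTRY
    if 0 in numbers:
        return "current-record-present"  # *PW00= present: not masked output
    return "history-leaked"              # only *PW01= and later: the reported exposure

# Constructed sample entries: user ID, mask characters and record values are placeholders.
BEFORE_FIX = """USER TESTUSR XXXXXXXX 32M 64M G
*PW01=PLACEHOLDER-1
*PW02=PLACEHOLDER-2
MDISK 191 3390 100 10 VOL001 MR
"""
AFTER_FIX = """USER TESTUSR XXXXXXXX 32M 64M G
MDISK 191 3390 100 10 VOL001 MR
"""
WITH_CURRENT = "*PW00=PLACEHOLDER-0\n" + BEFORE_FIX

if __name__ == "__main__":
    for name, text in [("before fix", BEFORE_FIX), ("after fix", AFTER_FIX),
                       ("with *PW00=", WITH_CURRENT)]:
        print(f"{name}: {classify(text)} records={password_records(text)}")
```

The functions report record numbers only, so the result can be logged without copying any record contents.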
Additional Information
When REPENTRY is done for an entry retrieved with GETENTRY, all password history records are restored to the replaced entry from the original copy of the entry on the VM:Secure directory disk (1B0), so the existing password history (maintained by VM:Secure) remains intact for the entry. If *PWnn records exist in the replacement copy of the entry, they are removed and replaced by the information on the 1B0.