Within CA TPX, how can we minimize exposure when a user types their password into the userid field?
search cancel

Within CA TPX, how can we minimize exposure when a user types their password into the userid field?

book

Article ID: 6388

calendar_today

Updated On:

Products

TPX - Session Management Vman Session Management for z/OS

Issue/Introduction

Sometimes a user will enter their password in the userid field and this is sent to security for validation and rejected as an invalid userid.  Subsequent successful signon also shows in the log.  This is a potential security breach since these messages are all now visible to anyone reviewing the log.

Environment

CA TPX for z/OS

Cause

User may type their userid and press enter instead of tabbing to password field.  Signon is rejected.  They continue by typing their password without realizing that they are back in the userid field, press enter and this is also sent to security.  Signon again rejected.

Resolution

Since there is no way to control what a user may type into a field, the workaround is to avoid having the security messages with visible password showing up in any logs.

  • While it is feasible to block by message id [within TPX for TPXL* messages and within security for those messages] this would eliminate too many messages that are required for regular triage of user issues.
  • Field validation at the ISPF panel level [using )PROC and VER statements] is not possible within TPX.  TPX programmatically overrides any panel )PROC statements for security purposes.

Suggestions:

  1. Use the Log Writer exit to replace a userid in the message with another character when the userid do not conform to site naming standards.
    • For example, if the userid must be alphanumeric and passwords must contain a special character, any userid that contains a special character is definitely invalid and can be replaced with '???????' in the logon rejection message.
    • Similar changes should also be considered for the security log and syslog.
  2. Use the Signon Signoff Exit, TPXUSNSF, to reject the user (RC4) in the pre-security call (function code 8) based on custom code you may add. For example, is the userid is greater than 7 characters, or does not match your site format for alpha and numeric characters.

You may also consider restricting who may view the TPX started task logs and the syslog.

 

Additional Information

TPX 5.4 - Setting Up User Exits - Signon and Signoff Exit

TPX 5.4: LOG Writer Exit