IBM Support

ZZ00267: USERS CAN LOGIN TO SCO WITH EMPTY PASSWORD

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Users can login to SCO with empty password
    .
    This is what happens:
    .
    1) We call the pyhon library simple_bind_s to
    authenticate with username & password
    2) The "correct" behaviour of this library call is
    that if password is null, then it treats this bind
    as an anonymous bind...which  if you have this e
    nabled in ldap will work
    3) It returns with no error, so we assume it has been
    successful
    

Local fix

Problem summary

  • It was possible to login into SCO using an LDAP user providing a
    blank password.
    This possibility was caused by a missing check in the relevant
    code.
    

Problem conclusion

  • The code has been fixed to prevent SCO login of LDAP users while
    providing blank password.
    Only providing correct username/password login will be possible.
    

Temporary fix

Comments

APAR Information

  • APAR number

    ZZ00267

  • Reported component name

    SMRTCLOUD ORCHS

  • Reported component ID

    5725H2800

  • Reported release

    230

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-07-24

  • Closed date

    2014-09-15

  • Last modified date

    2014-09-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SMRTCLOUD ORCHS

  • Fixed component ID

    5725H2800

Applicable component levels

  • R230 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS4KMC","label":"IBM Cloud Orchestrator"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"230","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
03 November 2021