IBM Support

OA56392: VERIFY PASSWORD DOES NOT DETECT ANY HASHED PASSWORDS IN A NON-KDFAES ENVIRONMENT IF ICHDEX01 RETURNS RC=4 OR 16

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Verify Password does not detect any HASHED passwords in a
    non-KDFAES environment if ICHDEX01 returns RC=4 or 16.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Users of zSecure Admin/Audit exploiting the  *
    *                 interactive option AU.V - Verify Password    *
    *                 and the 'VERIFY PASSWORD' CARLa statement.   *
    ****************************************************************
    * PROBLEM DESCRIPTION: zSecure Admin/Audit does not detect     *
    *                      hashed passwords in a non-KDFAES        *
    *                      environment in cases where the ICHDEX01 *
    *                      RACF exit (password authentication)     *
    *                      returns RC=4 or 16.                     *
    ****************************************************************
    * RECOMMENDATION: Apply the PTF provided.                      *
    ****************************************************************
    When an ICHDEX01 RACF exit (password authentication) is
    installed, the zSecure Admin/Audit does not detect hashed
    passwords in a non-KDFAES environment in cases where the
    ICHDEX01 exit routine returns RC=4 or 16.
    

Problem conclusion

  • zSecure Admin/Audit has been modified so the password
    verification audit function reports that the the system uses
    password hashing in a non-KDFAES environment with an ICHDEX01
    RACF exit in cases where the exit returns RC=4 or 16.
    

Temporary fix

Comments

APAR Information

  • APAR number

    OA56392

  • Reported component name

    ZSEC BASE,ADMIN

  • Reported component ID

    5655T0100

  • Reported release

    220

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-10-24

  • Closed date

    2018-12-19

  • Last modified date

    2019-01-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UA98238 UA98239 UA98240 UA98241

Modules/Macros

  • CKAVPWD  GKRVPWD
    

Fix information

  • Fixed component name

    ZSEC BASE,ADMIN

  • Fixed component ID

    5655T0100

Applicable component levels

  • R220 PSY UA98238

       UP18/12/21 P F812

  • R221 PSY UA98239

       UP18/12/21 P F812

  • R230 PSY UA98240

       UP18/12/21 P F812

  • R231 PSY UA98241

       UP18/12/21 P F812

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU048","label":"IBM Software"}, "Product":{"code":"SSCE68R","label":"zSecure Admin"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"220","Edition":""}]

Document Information

Modified date:
02 January 2019