APAR status
Closed as program error.
Error description
IBM Rational ClearQuest Web: The error messages produced by unsuccessful login attempts make it possible to perform scripted username enumeration through the login pages within the application.
Local fix
Problem summary
In ClearQuest Web, unsuccessful login attempts make it possible to perform scripted username enumeration, which exposes a security vulnerability.
Problem conclusion
Fixed in ClearQuest web 7.0.1.1-ifix01 and 7.0.0.2-ifix01.
Temporary fix
Comments
APAR Information
APAR number
PK55561
Reported component name
CLEARQUEST WIN
Reported component ID
5724G3600
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2007-10-26
Closed date
2008-03-04
Last modified date
2008-03-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLEARQUEST WIN
Fixed component ID
5724G3600
Applicable component levels
R700 PSN
UP
Document Information
Modified date:
04 March 2008