About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
An attacker who can access the victim's browser could steal the password information in DASH login page.
Cause
When the autocomplete is enabled in login form in DASH login page, the password is susceptible to security attacks. If the function is enabled, then username entered by the user is stored on their local computer and retrieved by the browser on future visits to the same application.
Affected URL: https://<hostname>:16311/ibm/console
Resolving The Problem
Here are the steps to disable autocomplete for password:
1. Open file <JazzSM_HOME>/profile/config/cells/JazzSMNode01Cell/applications/isc.ear/deployments/isc/isclite.war/WEB-INF/customizationProperties.xml
2. Ensure the following line has the value set to false:
<consoleproperties:console-propertyid="LOGIN.CACHEPASSWORD" value="false"/>
Save the file if the property value was changed.
3. Restart JazzSM server1
If the issue persists, then it must be the auto complete is enabled in the browser. Disable the browser's auto-complete setting. To check the logon.jsp no longer has the autocomplete set to true, right-click on the password field on the DASH login page and chose the browser "inspect" option and look for the entry:
<input dir="ltr" type="password" class="isc-login-textfield" name="j_password" autocomplete="off" id="j_password" aria-required="true">Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEKCU","label":"Jazz for Service Management"},"Component":"Dashboard Application Services Hub","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Product Synonym
Jazz for Service Management
Dashboard Application Services Hub
Was this topic helpful?
Document Information
Modified date:
27 August 2024
UID
ibm10887473
Manage My Notification Subscriptions