PM01432: RDS, SYNERGY, PASSWORD, SECURITY,

Fixes are available

IBM Rational Synergy iFix 7.1a.05 for version 7.1a
IBM Rational Synergy iFix 7.1a.01 for version 7.1a
IBM Rational Synergy iFix 7.1a.04 for version 7.1a
Rational Directory Server (Tivoli) Interim Fix 3 for 5.2.0.2

APAR status

Closed as program error.

Error description

R#34634
Changing RDS password does not require old password

RDS 5.0 configured for Stand-Alone operation, in
Synergy 7.1

When navigating to http://servername:8400/user to change a
Synergy user password the following behavior is seen

Without providing an Old Password a user can type in the new
password and confirmation password, and the user password gets
changed.

The following message is seen: 'Successfully changed the
password.'

The user can now login to Synergy Web mode using the new
password.

This allows any user to change the password for all users.

However, if a bad password was provided in the Old Password
field, then the following is seen:


'Password Change Failed. Invalid credentials.'


I (tmayer) have also been been able to reproduce this issue on
both Unix and Windows.

Below are the steps to reproduce:

1. In the RDS, create a test user, verify that the 'Grant
password Change' check box is checked.
2. In Synergy, add the test user to the ccm users attribute and
give the user some roles (developer, tester, etc.)
3. Verify that the test user can login to Synergy using Web
Mode.
4. As any user, navigate to http:?hostname?:8400/user
5. Enter the User ID to change, leave the Old Password blank and
add the new values for the New Password and Confirm Password.
6. Login to Synergy as the test user with the new password.

Local fix

```
No known workarounds
```

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
While changing password, Rational Directory Server does not
prompt for the old password

Problem conclusion

This issue is fixed. Users will be prompted for old password
while changing the password

Temporary fix

Comments

APAR Information

APAR number
PM01432
Reported component name
TLOGIC DIR SRVR
Reported component ID
RATLTDS00
Reported release
500
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-11-17
Closed date
2010-12-09
Last modified date
2010-12-09

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
TLOGIC DIR SRVR
Fixed component ID
RATLTDS00

Applicable component levels

R500 PSN
UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSCTQH","label":"Rational Common Components"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0"}]

Document Information

Modified date:
24 October 2021

Tips

PM01432: RDS, SYNERGY, PASSWORD, SECURITY,

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R500 PSN

Document Information

Share your feedback

Need support?