IBM Support

IO14165: IDSWebApp password field with auto-complete enabled - need to explicitly disable the auto-complete feature.

Direct links to fixes

6.2.0.56-ISS-ITDS-WinX64-IF0056
6.2.0.56-ISS-ITDS-Win32-IF0056
6.2.0.56-ISS-ITDS-SolarisX64-IF0056
6.2.0.56-ISS-ITDS-SolarisSparc-IF0056
6.2.0.56-ISS-ITDS-Linuxz-IF0056
6.2.0.56-ISS-ITDS-LinuxX64-IF0056
6.2.0.56-ISS-ITDS-Linuxip-IF0056
6.2.0.56-ISS-ITDS-Linux32-IF0056
6.2.0.56-ISS-ITDS-HPUXIA64-IF0056
6.2.0.56-ISS-ITDS-AIX-IF0056
6.2.0.55-ISS-ITDS-WinX64-IF0055
6.2.0.55-ISS-ITDS-Win32-IF0055
6.2.0.55-ISS-ITDS-SolarisX64-IF0055
6.2.0.55-ISS-ITDS-SolarisSparc-IF0055
6.2.0.55-ISS-ITDS-Linuxz-IF0055
6.2.0.55-ISS-ITDS-LinuxX64-IF0055
6.2.0.55-ISS-ITDS-Linuxip-IF0055
6.2.0.55-ISS-ITDS-Linux32-IF0055
6.2.0.55-ISS-ITDS-HPUXIA64-IF0055
6.2.0.55-ISS-ITDS-AIX-IF0055
6.2.0.54-ISS-ITDS-WinX64-IF0054
6.2.0.54-ISS-ITDS-Win32-IF0054
6.2.0.54-ISS-ITDS-SolarisX64-IF0054
6.2.0.54-ISS-ITDS-SolarisSparc-IF0054
6.2.0.54-ISS-ITDS-Linuxz-IF0054
6.2.0.54-ISS-ITDS-LinuxX64-IF0054
6.2.0.54-ISS-ITDS-Linuxip-IF0054
6.2.0.54-ISS-ITDS-Linux32-IF0054
6.2.0.54-ISS-ITDS-HPUXIA64-IF0054
6.2.0.54-ISS-ITDS-AIX-IF0054
6.2.0.53-ISS-ITDS-WinX64-IF0053
6.2.0.53-ISS-ITDS-Win32-IF0053
6.2.0.53-ISS-ITDS-SolarisX64-IF0053
6.2.0.53-ISS-ITDS-SolarisSparc-IF0053
6.2.0.53-ISS-ITDS-Linuxz-IF0053
6.2.0.53-ISS-ITDS-Linuxip-IF0053
6.2.0.53-ISS-ITDS-LinuxX64-IF0053
6.2.0.53-ISS-ITDS-Linux32-IF0053
6.2.0.53-ISS-ITDS-HPUXIA64-IF0053
6.2.0.53-ISS-ITDS-AIX-IF0053
6.2.0.52-ISS-ITDS-WinX64-IF0052
6.2.0.52-ISS-ITDS-Win32-IF0052
6.2.0.52-ISS-ITDS-SolarisX64-IF0052
6.2.0.52-ISS-ITDS-SolarisSparc-IF0052
6.2.0.52-ISS-ITDS-Linuxz-IF0052
6.2.0.52-ISS-ITDS-LinuxX64-IF0052
6.2.0.52-ISS-ITDS-Linuxip-IF0052
6.2.0.52-ISS-ITDS-Linux32-IF0052
6.2.0.52-ISS-ITDS-HPUXIA64-IF0052
6.2.0.52-ISS-ITDS-AIX-IF0052
6.2.0.51-ISS-ITDS-WinX64-IF0051
6.2.0.51-ISS-ITDS-Win32-IF0051
6.2.0.51-ISS-ITDS-SolarisX64-IF0051
6.2.0.51-ISS-ITDS-SolarisSparc-IF0051
6.2.0.51-ISS-ITDS-Linuxz-IF0051
6.2.0.51-ISS-ITDS-LinuxX64-IF0051
6.2.0.51-ISS-ITDS-Linuxip-IF0051
6.2.0.51-ISS-ITDS-Linux32-IF0051
6.2.0.51-ISS-ITDS-HPUXIA64-IF0051
6.2.0.51-ISS-ITDS-AIX-IF0051
6.2.0.50-ISS-ITDS-WinX64-IF0050
6.2.0.50-ISS-ITDS-Win32-IF0050
6.2.0.50-ISS-ITDS-SolarisX64-IF0050
6.2.0.50-ISS-ITDS-SolarisSparc-IF0050
6.2.0.50-ISS-ITDS-Linuxz-IF0050
6.2.0.50-ISS-ITDS-LinuxX64-IF0050
6.2.0.50-ISS-ITDS-Linuxip-IF0050
6.2.0.50-ISS-ITDS-Linux32-IF0050
6.2.0.50-ISS-ITDS-HPUXIA64-IF0050
6.2.0.50-ISS-ITDS-AIX-IF0050
6.2.0.49-ISS-ITDS-WinX64-IF0049
6.2.0.49-ISS-ITDS-Win32-IF0049
6.2.0.49-ISS-ITDS-SolarisX64-IF0049
6.2.0.49-ISS-ITDS-SolarisSparc-IF0049
6.2.0.49-ISS-ITDS-Linuxz-IF0049
6.2.0.49-ISS-ITDS-LinuxX64-IF0049
6.2.0.49-ISS-ITDS-Linuxip-IF0049
6.2.0.49-ISS-ITDS-Linux32-IF0049
6.2.0.49-ISS-ITDS-HPUXIA64-IF0049
6.2.0.49-ISS-ITDS-AIX-IF0049
6.2.0.47-ISS-ITDS-Linuxz-IF0047
6.2.0.47-ISS-ITDS-WinX64-IF0047
6.2.0.47-ISS-ITDS-Win32-IF0047
6.2.0.47-ISS-ITDS-SolarisX64-IF0047
6.2.0.47-ISS-ITDS-SolarisSparc-IF0047
6.2.0.47-ISS-ITDS-LinuxX64-IF0047
6.2.0.47-ISS-ITDS-Linuxip-IF0047
6.2.0.47-ISS-ITDS-Linux32-IF0047
6.2.0.47-ISS-ITDS-HPUXIA64-IF0047
6.2.0.47-ISS-ITDS-AIX-IF0047
6.2.0.46-ISS-ITDS-WinX64-IF0046
6.2.0.46-ISS-ITDS-Win32-IF0046
6.2.0.46-ISS-ITDS-SolarisX64-IF0046
6.2.0.46-ISS-ITDS-SolarisSparc-IF0046
6.2.0.46-ISS-ITDS-Linuxz-IF0046
6.2.0.46-ISS-ITDS-LinuxX64-IF0046
6.2.0.46-ISS-ITDS-Linuxip-IF0046
6.2.0.46-ISS-ITDS-Linux32-IF0046
6.2.0.46-ISS-ITDS-HPUXIA64-IF0046
6.2.0.46-ISS-ITDS-AIX-IF0046
6.2.0.45-ISS-ITDS-WinX64-IF0045
6.2.0.45-ISS-ITDS-Win32-IF0045
6.2.0.45-ISS-ITDS-SolarisX64-IF0045
6.2.0.45-ISS-ITDS-SolarisSparc-IF0045
6.2.0.45-ISS-ITDS-Linuxz-IF0045
6.2.0.45-ISS-ITDS-LinuxX64-IF0045
6.2.0.45-ISS-ITDS-Linuxip-IF0045
6.2.0.45-ISS-ITDS-Linux32-IF0045
6.2.0.45-ISS-ITDS-HPUXIA64-IF0045
6.2.0.45-ISS-ITDS-AIX-IF0045
6.2.0.44-ISS-ITDS-WinX64-IF0044
6.2.0.44-ISS-ITDS-Win32-IF0044
6.2.0.44-ISS-ITDS-SolarisX64-IF0044
6.2.0.44-ISS-ITDS-SolarisSparc-IF0044
6.2.0.44-ISS-ITDS-Linuxz-IF0044
6.2.0.44-ISS-ITDS-LinuxX64-IF0044
6.2.0.44-ISS-ITDS-Linuxip-IF0044
6.2.0.44-ISS-ITDS-Linux32-IF0044
6.2.0.44-ISS-ITDS-HPUXIA64-IF0044
6.2.0.44-ISS-ITDS-AIX-IF0044
6.2.0.43-ISS-ITDS-Win32-IF0043
6.2.0.43-ISS-ITDS-SolarisX64-IF0043
6.2.0.43-ISS-ITDS-SolarisSparc-IF0043
6.2.0.43-ISS-ITDS-Linuxz-IF0043
6.2.0.43-ISS-ITDS-LinuxX64-IF0043
6.2.0.43-ISS-ITDS-Linuxip-IF0043
6.2.0.43-ISS-ITDS-Linux32-IF0043
6.2.0.43-ISS-ITDS-HPUXIA64-IF0043
6.2.0.43-ISS-ITDS-AIX-IF0043
6.2.0.43-ISS-ITDS-WinX64-IF0043
6.2.0.42-ISS-ITDS-WinX64-IF0042
6.2.0.42-ISS-ITDS-Win32-IF0042
6.2.0.42-ISS-ITDS-SolarisX64-IF0042
6.2.0.42-ISS-ITDS-SolarisSparc-IF0042
6.2.0.42-ISS-ITDS-Linuxz-IF0042
6.2.0.42-ISS-ITDS-LinuxX64-IF0042
6.2.0.42-ISS-ITDS-Linuxip-IF0042
6.2.0.42-ISS-ITDS-Linux32-IF0042
6.2.0.42-ISS-ITDS-HPUXIA64-IF0042
6.2.0.42-ISS-ITDS-AIX-IF0042
6.2.0.41-ISS-ITDS-WinX64-IF0041
6.2.0.41-ISS-ITDS-Win32-IF0041
6.2.0.41-ISS-ITDS-SolarisX64-IF0041
6.2.0.41-ISS-ITDS-SolarisSparc-IF0041
6.2.0.41-ISS-ITDS-Linuxz-IF0041
6.2.0.41-ISS-ITDS-LinuxX64-IF0041
6.2.0.41-ISS-ITDS-Linuxip-IF0041
6.2.0.41-ISS-ITDS-Linux32-IF0041
6.2.0.41-ISS-ITDS-HPUXIA64-IF0041
6.2.0.41-ISS-ITDS-AIX-IF0041

APAR status

  • Closed as program error.

Error description

  • The login page for the Web Admin Tool does not explicitly
    disable the autocomplete feature on the authentication fields.
    
    The autocomplete feature allows the browser to auto-populate
    the application fields. The stored credentials can be captured
    by an attacker who gains access to the computer, either
    locally or through some remote compromise.
    

Local fix

  • Disable the auto-complete feature
    

Problem summary

  • The problem can be solved by including AUTOCOMPLETE="off" in
    the form tag. As a result, form contents such as the user name
    and password are not filled in automatically.
    
    Solution:
    
    The code has been changed to include AUTOCOMPLETE="off" in login
    pages.
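
A check for the fix described above, as an added example that is not IBM's code: it parses a login page and lists the credential fields that no AUTOCOMPLETE="off" covers, including a field that overrides the form's setting. The sample pages and the `audit` function name are constructed for illustration.

```python
from html.parser import HTMLParser

def _is_off(value):
    return value is not None and value.strip().lower() == "off"

class LoginFormAudit(HTMLParser):
    """Collect credential fields that autocomplete="off" does not cover."""

    def __init__(self):
        super().__init__()
        self.form = None      # state of the form being parsed, or None
        self.findings = []    # (form label, field name) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)       # HTMLParser lowercases attribute names
        if tag == "form":
            label = a.get("name") or a.get("id") or a.get("action") or "?"
            self.form = {"label": label, "off": _is_off(a.get("autocomplete")),
                         "fields": [], "has_password": False}
        elif tag == "input" and self.form is not None:
            kind = (a.get("type") or "text").lower()
            if kind not in ("text", "password"):
                return
            # A field's own attribute overrides the value set on its form.
            own = a.get("autocomplete")
            covered = _is_off(own) if own is not None else self.form["off"]
            self.form["has_password"] |= kind == "password"
            if not covered:
                self.form["fields"].append(a.get("name") or "?")

    def handle_endtag(self, tag):
        if tag == "form" and self.form is not None:
            # Only forms with a password field are treated as login forms.
            if self.form["has_password"]:
                self.findings += [(self.form["label"], f) for f in self.form["fields"]]
            self.form = None

def audit(html):
    parser = LoginFormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (not taken from the product).
BEFORE = ('<form name="login" action="/login"><input type="text" name="user">'
          '<input type="password" name="pw"><input type="submit"></form>')
AFTER = BEFORE.replace('<form ', '<form AUTOCOMPLETE="off" ')
OVERRIDE = AFTER.replace('name="pw"', 'name="pw" autocomplete="on"')

if __name__ == "__main__":
    for name, page in (("before", BEFORE), ("after", AFTER), ("override", OVERRIDE)):
        print(name, audit(page))
```

Current browsers' password managers may disregard autocomplete="off" on login fields, so a clean result shows that the attribute is present, not that no credential is stored on the client.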
    

Problem conclusion

  • The fix for this APAR will be contained in the following
    maintenance packages:
    | interim fix | 6.2.0.3-TIV-ITDS-IF0004 |
    

Temporary fix

Comments

APAR Information

  • APAR number

    IO14165

  • Reported component name

    IBM TIV DIR SER

  • Reported component ID

    5724J3960

  • Reported release

    620

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2011-05-10

  • Closed date

    2011-09-22

  • Last modified date

    2011-09-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IO14338 IO14339

Fix information

  • Fixed component name

    IBM TIV DIR SER

  • Fixed component ID

    5724J3960

Applicable component levels



Document information

More support for: IBM Security Directory Server
General

Software version: 620

Reference #: IO14165

Modified date: 22 September 2011