IBM Support

IJ03230: INCORRECT PASSWORD SENDS MULTIPLE LOG IN REQUEST.

Direct links to fixes

7.6.3.1-TIV-MAXANY-IFIX002
7.6.3.0-TIV-MAXANY-IFIX003
Maximo Anywhere 7.6.2.1 Interim Fix 002

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In Maximo Anywhere 7.6.2 w/HF and 7.6.2.1 entering an incorrect
password for a user will send multiple login requests and
eventually lock the user out.


Steps to reproduce.

1.  On a device or simulator open the Work Execution application
2.  Enter a correct username with an incorrect password
3.  This will send multiple request to the Maximo application
and fail each time.

Using debug tools you can see multiple requests going out to
Maximo all returning with 401.  Depending on security control
settings this can result in a user being locked out of Maximo
due to invalid attempts.

Local fix

  • N/A

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* Yes                                                          *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* The CustomChallengeHandler.login() owns the logic to         *
* re-authenticate the expired session "behind the scenes". The *
* problem is that it got in same condition of wrong password   *
* case.                                                        *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************

Problem conclusion

  • The fix was to include an additional check in 'isAuthenticatin'
flag in order to prevent additinal requests when wrong password
is entered.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ03230
    • 

  • Reported component name
    ANYWHERE APPS
    • 

  • Reported component ID
    5725M39MA
    • 

  • Reported release
    762
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-01-12
    • 

  • Closed date
    2018-01-30
    • 

  • Last modified date
    2018-01-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    ANYWHERE APPS
    • 

  • Fixed component ID
    5725M39MA
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPJLC","label":"Maximo Anywhere"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 June 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback