APAR status
Closed as program error.
Error description
If a user account is hijacked, the hijacker has access to the My Account menu, which allows a password change. The password change screen requires the old password but does not honor the ConsecFailedAttempts setting from the ui.properties file, so the old password can be tried an unlimited number of times.
Local fix
STRRTC 436423 NM / NM
Circumvention: None
Problem summary
Users Affected: All
Problem Description: Security Vulnerability - ui.ConsecFailedAttempts is not honored on the My Account > Change Password screen
Platforms Affected: All
Problem conclusion
Resolution Summary: The code has been changed such that ui.ConsecFailedAttempts is now honored on the My Account > Change Password screen.
Delivered In: 5020402_4 5104_6
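An added illustration of this class of fix, not IBM's code: every check of the current password, whether at login or on a change-password form, goes through one function that enforces a consecutive-failure limit. The class and function names are hypothetical, and the limit of 3 and its exact semantics (refuse further checks once the count is reached) are assumptions standing in for ui.ConsecFailedAttempts.

```python
import hashlib
import hmac
import os

CONSEC_FAILED_ATTEMPTS = 3  # assumed value standing in for ui.ConsecFailedAttempts


class AccountLocked(Exception):
    """Raised when the consecutive-failure limit has been reached."""


class Account:
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = self._hash(password)
        self.failed = 0  # consecutive failures, shared by every password check

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, password: str) -> bool:
        """Single choke point: enforce the limit before comparing anything."""
        if self.failed >= CONSEC_FAILED_ATTEMPTS:
            raise AccountLocked("too many consecutive failed attempts")
        if hmac.compare_digest(self._hash(password), self.digest):
            self.failed = 0  # a success resets the consecutive count
            return True
        self.failed += 1
        return False


def login(account: Account, password: str) -> bool:
    return account.verify(password)


def change_password(account: Account, old: str, new: str) -> bool:
    # Routing the old-password check through verify() means guesses made
    # on this screen count against the same limit as login attempts.
    if not account.verify(old):
        return False
    account.salt = os.urandom(16)
    account.digest = account._hash(new)
    return True
```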
Temporary fix
Comments
Published On: 12/16/14
APAR Information
APAR number
IT03935
Reported component name
STR B2B INTEGRA
Reported component ID
5725D0600
Reported release
524
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-08-21
Closed date
2014-09-24
Last modified date
2014-12-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STR B2B INTEGRA
Fixed component ID
5725D0600
Applicable component levels
R524 PSY
UP
Document Information
Modified date:
15 December 2014