IBM Support

IT25704: PCOM: AFTER IT12006 STILL SEE PLAIN TEXT INFORMATION

Fixes are available

IBM Personal Communications 13.0.2
IBM Personal Communications 12.0.4.1

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • We are running IBM Personal Communications 12.0 for Windows and
are at fix level 20170427 S - 12.0.2.0
Our security team is still seeing plain text information being
passed as described in APAR IT12006.  This APAR was included in
fix level 12.0.0.1 and we are at a higher fix level, so we
assumed the APAR is included in our current fix level.

Does fix level 12.0.2.0 include the fix for APAR IT12006?
If not, what is the fix level we need?

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* All IBM Personal Communications users                        *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* PCOMM temporarily saves user information insecurely          *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
To facilitate Kerberos authentication, PCOMM captured the user
login information in an insecure manner.

    



Problem conclusion


    

  • Changes have been made to securely handle the user login
information. The following files have been modified.

PCSNP.DLL
PCSNP.EXE



Fix scheduled for PCOMM 12.0.4.1 Fix Pack and 13.0.2.0 Refresh
Pack

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT25704
    • 

  • Reported component name
    PCOMM COMBO-ENG
    • 

  • Reported component ID
    5639I7000
    • 

  • Reported release
    C00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2018-07-16
    • 

  • Closed date
    2018-09-24
    • 

  • Last modified date
    2020-09-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Modules/Macros


    

  • PCSNP

    



Fix information


    

  • Fixed component name
    PCOMM COMBO-ENG
    • 

  • Fixed component ID
    5639I7000
    • 



Applicable component levels


    

  • RC00  PSY
       UP
    • 

  • RD00  PSY
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSEQ5Y","label":"Personal Communications"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"C00"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            27 September 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback