APAR status
Closed as program error.
Error description
In AppScan Enterprise 8.6.0.2 there is an issue with how the password parameter is tracked. This results in the password being sent as a 'wfenc:?Hex string?' value rather than the expected value, and a result AppScan cannot log in to the site and scanjob goes out of session. Workaround: In situations that do not involve dynamically generated values (e.g. MD5 Hashing the value) tracking the password is not necessary, so simply untracking the password parameter should work around the issue.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** The password field in the Form Filler is kept encrypted in the configuration. In some cases, the encrypted value was assigned to the password parameter of the request.
Problem conclusion
Fixed in AppScan Enterprise 8.7
Temporary fix
Comments
APAR Information
APAR number
PM82577
Reported component name
SEC APPSCAN ENT
Reported component ID
5724T5200
Reported release
860
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-12
Closed date
2013-03-27
Last modified date
2013-03-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SEC APPSCAN ENT
Fixed component ID
5724T5200
Applicable component levels
R860 PSN
UP
[{"Business Unit":{"code":null,"label":null},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.6","Edition":"","Line of Business":{"code":null,"label":null}}]
Document Information
Modified date:
08 September 2020