PM82577: ASE sends 'wfenc%3A...' password in AFF during record playback

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In AppScan Enterprise 8.6.0.2 there is an issue with how the
    password parameter is tracked. This results in the password
    being sent as a 'wfenc:?Hex string?' value rather than the
    expected value, and a result AppScan cannot log in to the site
    and scanjob goes out of session.
    
    Workaround: In situations that do not involve dynamically
    generated values (e.g. MD5 Hashing the value) tracking the
    password is not necessary, so simply untracking the password
    parameter should work around the issue.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The password field in the Form Filler is kept encrypted in
    the configuration.
    In some cases, the encrypted value was assigned to the
    password parameter of the request.
    

Problem conclusion

  • Fixed in AppScan Enterprise 8.7
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM82577

  • Reported component name

    SEC APPSCAN ENT

  • Reported component ID

    5724T5200

  • Reported release

    860

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-12

  • Closed date

    2013-03-27

  • Last modified date

    2013-03-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCAN ENT

  • Fixed component ID

    5724T5200

Applicable component levels

  • R860 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security AppScan Enterprise

Software version:

8.6

Reference #:

PM82577

Modified date:

2013-03-27

Translate my page

Machine Translation

Content navigation