IBM Support

IT12006: PCOM: PCSNP.EXE PASSES USER NAME AND PASSWORD IN PLAIN TEXT


APAR status

  • Closed as program error.

Error description

  • Our workstation security team noticed that with the start of
    process pcsnp.exe, the Windows user name & password are passed
    to the process in plain text.
    
    What does the process do?
    How is the password passed to the command line?
    Why is it passed in plain text?
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * Users of IBM Personal Communications.                        *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * On a Microsoft Windows system where IBM Personal             *
    * Communications is installed, during Windows logon, the       *
    * Windows user name and password are passed to a system        *
    * process, "pcsnp.exe", in plain text. This can be captured by *
    * applications. This is a security concern.                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    

Problem conclusion

  • The design to pass the password in plain text was not correct.
    Changes have been made to the pcsnp.exe design to take care of
    the issue.
    The fix is scheduled for PCOM 6.0.17 Refresh Pack and 12.0.0.1
    Fix Pack.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT12006

  • Reported component name

    PCOMM V5 COMBO-

  • Reported component ID

    5639I7000

  • Reported release

    601

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-10-28

  • Closed date

    2015-12-28

  • Last modified date

    2016-05-12

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IP24023

Modules/Macros

  • pcsnp
    

Fix information

  • Fixed component name

    PCOMM V5 COMBO-

  • Fixed component ID

    5639I7000

Applicable component levels

  • R60F PSN

       UP


Document Information

Modified date:
12 May 2016