Direct links to fixes
PCOMM_60170_DocumentAdminAids
PCOMM_60170_JAP_RefreshPack
PCOMM_60170_MLS_RefreshPack
PCOMM_60170_KOR_RefreshPack
PCOMM_60170_CHT_RefreshPack
PCOMM_60170_CHS_RefreshPack
PCOMM_12001_MLS
PCOMM_12001_English
PCOMM_12001_Japanese
PCOMM_12001_Korean
PCOMM_12001_TraditionalChinese
PCOMM_12001_SimplifiedChinese
PCOMM-6.0.16.0-SPL-BLD-KOR-refresh-pack
PCOMM-6.0.16.0-SPL-BLD-JAP-refresh-pack
PCOMM-6.0.16.0-SPL-BLD-MLS-refresh-pack
PCOMM-6.0.16.0-SPL-BLD-CHT-refresh-pack
PCOMM-6.0.16.0-SPL-BLD-CHS-refresh-pack
IBM Personal Communications 12.0.0.1
Personal Communications 6.0.17
APAR status
Closed as program error.
Error description
Our workstation security team noticed that with the start of process pcsnp.exe, the Windows user name & password is passed to the process in plain text. What does the process do? How is the password passed to the command line? Why is it passed in plain text?
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * Users of IBM Personal Communications. * **************************************************************** * PROBLEM DESCRIPTION: * * On a Microsoft Windows system where IBM Personal * * Communications is installed, during Windows logon, the * * Windows user name and password is passed to a system * * process, "pcsnp.exe", in plain text. This can be captured by * * applications. This is a security concern. * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
The design to pass the password in plain text was not correct. Changes have been made to the pcsnp.exe design to take care of the issue. Fix scheduled for PCOM 6.0.17 Refresh Pack and 12.0.0.1 Fix Pack
Temporary fix
Comments
APAR Information
APAR number
IT12006
Reported component name
PCOMM V5 COMBO-
Reported component ID
5639I7000
Reported release
601
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-10-28
Closed date
2015-12-28
Last modified date
2016-05-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
IP24023
Modules/Macros
pcsnp
Fix information
Fixed component name
PCOMM V5 COMBO-
Fixed component ID
5639I7000
Applicable component levels
R60F PSN
UP
Document Information
Modified date:
12 May 2016