IBM Support

PH56262: CICS CAN UNMASK THE PASSWORD AND CONVERT FROM 037 TO THE LOCALCCSID BEFORE PASSING THE PASSWORD TO THE ESM.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • CICS TG is connecting into a CICS region using an IPCONN which
has USERAUTH(VERIFY).
This means the USERID and PASSWORD are sent into CICS with each
ECI request.  When the CTG has to send a PASSWORD it converts it
from the clients codepage to codepage 037 and then masks the
value. When CICS receives the password it is unmasked and passed
to the ESM.  If the password contains special characters, they
may not be accepted because they have 037 codepoints instead
of the codepoints from the CCSID that CICS is using.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All.                                         *
****************************************************************
* PROBLEM DESCRIPTION: Incorrect password may get passed to    *
*                      the ESM when special characters are     *
*                      used.                                   *
****************************************************************
In the reported problem a CTG client had a connection into CICS
where the IPCONN specified USERAUTH(VERIFY). This resulted in
CTG ECI requests arriving in CICS with USERID and PASSWORD
credentials.
CTG converted the PASSWORD to codepage 037, masked it and
sent it into CICS.  A codepath exists in DFHISIS where if
the LOCALCCSID of the CICS system is not the default (037)
and the LOCALCCSID  in use has different codepoints for
codepage 37 special character(s) then the password may be
rejected by the ESM.

    



Problem conclusion


    

  • DFHISIS has been changed to convert the masked password to the
LOCALCCSID before passing it to the ESM.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH56262
    • 

  • Reported component name
    CICS TS Z/OS V5
    • 

  • Reported component ID
    5655Y0400
    • 

  • Reported release
    200
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2023-08-08
    • 

  • Closed date
    2023-09-07
    • 

  • Last modified date
    2023-10-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PH51506
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI93470
    

    • 



Modules/Macros


    

  • DFHCCNVG DFHCCNVT DFHISIS  DFHXCNVG

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V5
    • 

  • Fixed component ID
    5655Y0400
    • 



Applicable component levels


    

  • R200  PSY  UI93470
       UP23/09/14  P  F309
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.5","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 October 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback