PH59574: INVALID PASSWORD WITH CPSM WUI SIGNON IF CHANGING PASSWORD AT SAME TIME FOR AN MFA USERID

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• You are signing onto a CPSM WUI ( CICSPlex SM Web User Interface
  ) browser with a userid that utilizes Multi-Factor
  Authentication. At the same time you are signing on, you are
  also trying to change your password.
  
  You enter the correct current password and valid new password,
  and get an error message stating your password is invalid. But
  your password was successfully changed to your new one. If you
  then attempt to sign on using the new password, it is
  successful.
  
  If you capture an SVC dump of the WUI region with CICS trace
  turned on, all components at 1 except EI and XS both at '1-2',
  you'll see trace entries for
  
  
  EXEC CICS CHANGE PHRASE  (successful)
  
  followed by an entry for
  
  
  EXEC CICS VERIFY PHRASE
  
  which fails, and the following exception trace is made:
  
  XS FE04 XSSB  *EXC* FUNCTION(INQUIRE_PASSWORD_DATA)
  
                     RESPONSE(EXCEPTION) REASON(INVALID_PASSWORD)
  
                     SAF_RESPONSE(8) SAF_REASON(0)
  
                     ESM_RESPONSE(8) ESM_REASON(0)
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All CICSPlex SM Users                        *
  ****************************************************************
  * PROBLEM DESCRIPTION: The CPSM WUI incorrectly reports        *
  *                      EYUVC1030E when changing a password     *
  *                      or password phrase for a user id        *
  *                      configured with Multi-factor            *
  *                      Authentication (MFA).                   *
  ****************************************************************
  * RECOMMENDATION: The PTFs addressing this APAR should be      *
  *                 applied to all WUI regions.                  *
  ****************************************************************
  When changing the password/password phrase of a user id using
  the CPSM WUI application, after the change the user is logged
  into the WUI, with days until password expire and last log in
  date/time being displayed. These are output in message
  EYUVC1000 on a successful login, after a the change is complete.
  
  However,  when a user employing MFA or other forms of one-time
  password, uses the WUI to change password/pass phrase, the
  change completes successfully. However to complete
  the login process and extract the other details displayed the
  WUI performs a CICS VERIFY call with the new password without
  an MFA token which fails. This failure causes the WUI to
  abort the login and produce message:
     EYUVC1030E Invalid user name or password. Try again.
  This is produce even though the password/pass phrase has been
  successfully changed.
  
  Additional Keywords: PH59546 PH59547
  

Problem conclusion

• The WUI processing for change user password or pass phrase
  has been updated to extract LASTUSETIME and DAYSLEFT values,
  which are returned on successful login, from the CHANGE PHRASE
  call. Allowing the WUI to successfully complete login in this
  described scenario.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  PH60714 UI96888 UI96889

Modules/Macros

• EYU0VPSN
  

Fix information

• Fixed component name

  CICS TS Z/OS V5

• Fixed component ID

  5655Y0400

Applicable component levels

• R20M PSY UI96889

     UP24/05/23 P F405

• R30M PSY UI96888

     UP24/05/18 P F405

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.