PK19195; 5.1.1.8: a corrupt token will allow login on Solaris
Abstract
A manipulated LTPA token taken from the subject's credential will
allow access to an EJB after login on Solaris.
Download Description
PK19195 resolves the following problem:
ERROR DESCRIPTION:
If an application gets the LTPA token from the subject's credential, then
manipulates the token and attempts to log in with that token, on the Solaris
platform that token can be used to gain access to an EJB.
LOCAL FIX:
PROBLEM SUMMARY
USERS AFFECTED:
All WebSphere Application Server users who have enabled security and are
using the LTPA authentication method.
PROBLEM DESCRIPTION:
A manipulated LTPA token taken from the subject's credential will allow
access to an EJB after login on Solaris.
RECOMMENDATION:
None
An application logs in, gets the token from the subject's credential, then
manipulates the token and attempts to log in with that token. On the
Solaris platform the token can be used to gain access to an EJB.
PROBLEM CONCLUSION:
The corrupted token's signature was found to be invalid (the isValid flag
was false), but the token constructor completed anyway. The code is fixed to
throw an exception if isValid is false.
There is no service pack planned for the 5.0.1, 5.1.0, 6.0 and 6.0.1
releases.
The fix for this APAR is currently targeted for inclusion in fixpack
5.0.2.17 and 5.1.1.10. Please refer to the