APAR status
Closed as program error.
Error description
FFDC logs from the $WAS_HOME\logs\ffdc directory contain readable passwords. This presents a security problem. The passwords in the log files should be encrypted or filtered out altogether.

FFDC has an option, called FFDCSelfIntrospectable, to not show the details behind the executing code. The FFDC call in this code needs to change not to use this function.

The scheduler component has the method com.ibm.ws.scheduler.TaskStoreImpl.loadTasksFromResultSet, which generates the password in the FFDC logs.
Local fix
Problem summary
USERS AFFECTED: All WebSphere Application Server users of scheduler and FFDC logs
PROBLEM DESCRIPTION: There is the possibility of a password being exposed in clear text in the FFDC logs
RECOMMENDATION:
There were some classes exposed by FFDC which
had unencrypted passwords within them.
Problem conclusion
In all instances passwords have been hidden.
Temporary fix
Comments
APAR information
APAR number: PK02503
Reported component name: WAS ENTERPRISE
Reported component ID: 5630A3700
Reported release: 00A
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2005-03-15
Closed date: 2005-04-19
Last modified date: 2005-05-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Fix information
Fixed component name: WAS ENTERPRISE
Fixed component ID: 5630A3700
Applicable component levels:
R003 PSY UP
R00A PSY UP
R00H PSY UP
R00I PSY UP
R00S PSY UP
R00W PSY UP