PQ91701: WINDOWS REGISTRY HAS USER/PASSWORD EXPOSED WHEN SECURITY IS ENABLED CAUSING A SECURITY RISK

 Fixes are available

5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for AIX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Windows
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for HP-UX
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Solaris
5.1.1.6: WebSphere Application Server Version 5.1.1 Cumulative Fix 6
5.1.1.7: WebSphere Application Server Version 5.1.1 Cumulative Fix 7
5.1.1.4: WebSphere Application Server Version 5.1.1 Cumulative Fix 4
5.1.1.8: WebSphere Application Server 5.1.1 Cumulative Fix 8 for Linux



APAR status
Closed as program error.

Error description
On Windows with security enabled a Windows service has the
Local fix Problem summary
****************************************************************
* USERS AFFECTED: User that store start and stop arguments     *
*                 when creating a Windows service using        *
*                 wasservice.exe                               *
****************************************************************
* PROBLEM DESCRIPTION: Start and stop arguments are stored     *
*                      as plain text in the Windows registry.  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Creating a Windows service using the wasservice.exe gives the
user the ablitiy to add start and stop arguments to the
starting and stopping of the Application Server. These arguments
are stored as plain text in the Windows registry.
Problem conclusion
This fix includes a -encodeParams option that encodes the
startArgs and stopArgs registry values so that they are no
longer in plain text.
Temporary fix Comments
APAR information
APAR number PQ91701
Reported component name WAS BASE 5.0
Reported component ID 5630A3600
Reported release 00W
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Special Attention NoSpecatt
Submitted date 2004-07-20
Closed date 2004-10-14
Last modified date 2004-10-14

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SERVICE          

Publications Referenced

Fix information

Applicable component levels
R00W PSY    UP
R10W PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 00W
Software edition:
Reference #: PQ91701
IBM Group: Software Group
Modified date: Oct 14, 2004