PQ53048: WEBSPHERE ADMIN PASSWORD SECURITY ISSUE: PASSWORD CAN BE OBTAINED VIA SASCONFIG | |||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||
APAR status Closed as program error. Error description Security issue revealed in Websphere Application Server 4.0 - Any user with the ability to submit JSP(TM) files to Websphere 4.0 can get Admin password in clear text via SASConfig.Local fix Problem summary **************************************************************** * USERS AFFECTED: All WebSphere Application Server users * * which have enabled security. * **************************************************************** * PROBLEM DESCRIPTION: Developers could get the security * * server password. The process involves * * deploying code, which, if the * * developers are not trusted, should be * * reviewed in any case. * **************************************************************** * RECOMMENDATION: * **************************************************************** Developers could get the security server password.Problem conclusion Mechanism for getting password was removed.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: Modules/Macros
|
Document Information |
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ53048
IBM Group: Software Group
Modified date: Apr 24, 2003
(C) Copyright IBM Corporation 2000, 2006. All Rights Reserved.