PQ62577: WILD CARD CHARACTERS ARE NOT TREATED PROPERLY.

 A fix is available

4.0.5: WebSphere Application Server Version 4.0 Fix Pack 5 (Version 4.0.5)



APAR status
Closed as program error.

Error description
Wild card characters are not treated properly in the user name
at login time. for example:
User ID  Adm*
Password nataraj
can get you into WAS.
Can reproduce this on DOMINO LDAP or Secureway directory.
Local fix Problem summary
****************************************************************
* USERS AFFECTED: WebSphere Application Server users who use   *
*                 LDAP user registry in authentication.        *
****************************************************************
* PROBLEM DESCRIPTION: Wild card characters in a user name     *
*                      are not treated properly.               *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
An "*" represent any character in LDAP if not escaped.
WebSphere did not escape any "*" in a user's name.
It is important to note that unless the user has only one
match in the registry when the "*" is treated as a wild
card, the user will be refused authentication.  The users
password must still be correct as well.
Problem conclusion
WebSphere security will escape "*" if user name contains "*"
in our Ldap registry implementation, and ldap filter will
check a value with the character "*", rather than treat "*" as
any character.
Temporary fix
provided testing eFix
Comments
APAR information
APAR number PQ62577
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-06-27
Closed date 2002-07-24
Last modified date 2002-07-24

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:
PQ42162

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Operating system(s):
Software version: 400
Software edition:
Reference #: PQ62577
IBM Group: Software Group
Modified date: Jul 24, 2002