IBM Platform Symphony 6.1.1 Fix 231767 Readme File

Abstract

A user's PMC user name and password can be obtained by those other than the user.

Description

·    When the user logs on to PMC, the user name and password are stored in the browser cache and also appear in the URL.

·    This is a security vulnerability because a user's PMC user name and password are available to those other than the user.

This fix addresses the following issue:

·    A user's PMC user name and password can be obtained by those other than the user. This fix explains how to clear the user name and password when the user logs on to PMC, so that they are not available to other users.

This fix applies only to the following platform:

·    Linux 64-bit

Readme file for: IBM® Platform Symphony

Product/Component Release: 6.1.1

Update Name: Fix 231767

Fix ID: sym-6.1.1-build231767

Publication date: 30 March 2014

Last modified date: 30 March 2014

Contents:

1.     List of fixes

2.     Download location

3.     Products or components affected

4.     Installation and configuration

5.     List of files

6.   Copyright and trademark information 

1.   List of fixes

APAR#P100370: PMC shows clear text user password after login.

2.   Download Location

Download Fix 231767 from the following location: http://www.ibm.com/eserver/support/fixes/ 

3.   Products or components affected 

Product/Component Name:

Platform Symphony/PMC

4.   Installation and configuration

4.1        Before installation 

1.     Stop the running service.

Log on to the master host as the cluster administrator and run:

> source cshrc.platform

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

2.     Back up the file.

Log on to each management host and back up the following file that will be replaced by this fix:

> $EGO_TOP/gui/1.2.8/lib/commons-ego.jar

4.2        Installation steps 

1.    Apply the fix.

Log on to each management host and replace the old file with the downloaded one in the following directory:

> $EGO_TOP/gui/1.2.8/lib/commons-ego.jar
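
The per-host file handling from 4.1 step 2 and 4.2 step 1 (plus the restore used in 4.4 step 2), written out as an added shell example that is not part of IBM's fix package. It assumes EGO_TOP is already exported in the calling shell; the ".pre231767" backup suffix and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: per-host file handling for Fix 231767 (not IBM-supplied code).
# JAR_REL is the path given in this readme; BACKUP_SUFFIX and the function
# names are assumptions made for this example.
JAR_REL="gui/1.2.8/lib/commons-ego.jar"
BACKUP_SUFFIX=".pre231767"

jar_path() {
    # EGO_TOP must already be set in the environment of the calling shell.
    [ -n "${EGO_TOP:-}" ] || { echo "EGO_TOP is not set" >&2; return 1; }
    printf '%s/%s\n' "$EGO_TOP" "$JAR_REL"
}

backup_jar() {
    jar=$(jar_path) || return 1
    bak="$jar$BACKUP_SUFFIX"
    [ -f "$jar" ] || { echo "missing $jar" >&2; return 1; }
    # Never overwrite an earlier backup: on a second run it would capture the fixed jar.
    [ ! -e "$bak" ] || { echo "backup already exists: $bak" >&2; return 1; }
    cp -p "$jar" "$bak" && cmp -s "$jar" "$bak"
}

apply_fix() {
    new_jar=$1
    jar=$(jar_path) || return 1
    [ -f "$new_jar" ] || { echo "downloaded jar not found: $new_jar" >&2; return 1; }
    [ -f "$jar$BACKUP_SUFFIX" ] || { echo "run backup first" >&2; return 1; }
    # Copy to a temporary name in the same directory, then rename, so a failed
    # copy never leaves a truncated commons-ego.jar in place.
    cp "$new_jar" "$jar.tmp.$$" && mv "$jar.tmp.$$" "$jar" && cmp -s "$new_jar" "$jar"
}

restore_jar() {
    jar=$(jar_path) || return 1
    bak="$jar$BACKUP_SUFFIX"
    [ -f "$bak" ] || { echo "no backup at $bak" >&2; return 1; }
    cp -p "$bak" "$jar.tmp.$$" && mv "$jar.tmp.$$" "$jar" && cmp -s "$bak" "$jar"
}

# Dispatch: backup | apply <downloaded commons-ego.jar> | restore
case "${1:-}" in
    backup)  backup_jar ;;
    apply)   apply_fix "${2:?path to downloaded commons-ego.jar}" ;;
    restore) restore_jar ;;
esac
```

Run it on each management host while the WEBGUI service is stopped. The installed jar takes the ownership and mode of the user running the script, so run it as the cluster administrator.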

4.3          After installation 

1.     Clean up the GUI work directory and the browser cache.

To clean up the GUI work directory, delete all subdirectories and files in this directory.

2.     Start the service.

Log on to the master host as the cluster administrator and run:

> egosh user logon -u Admin -x Admin

> egosh service start WEBGUI 

4.4          Uninstallation 

1.     Stop the running service.

Log on to the master host as the cluster administrator and run:

> egosh user logon -u Admin -x Admin

> egosh service stop WEBGUI

2.     Restore the backup file.

Log on to each management host and restore the backup file for the following file:

> $EGO_TOP/gui/1.2.8/lib/commons-ego.jar

3.     Clean up the GUI work directory and the browser cache.

To clean up the GUI work directory, delete all subdirectories and files in this directory.

4.   Start the WEBGUI service.

Log on to the master host as the cluster administrator and run:

> egosh service start WEBGUI

5.   List of files

·    commons-ego.jar

6.   Copyright and trademark information

© Copyright IBM Corporation 2014

U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM®, the IBM logo and ibm.com® are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.