GETENTRY exposes old passwords

Document ID : KB000111422
Last Modified Date : 16/08/2018
Issue:
GETENTRY without the undocumented WITHPASS option masks the current passwords on the USER, IDENTITY, and MDISK statements, and removes the *PW00= record, but it leaves the old password records (*PW01=, *PW02=, etc.) intact. It should scrub the password history statements unless WITHPASS is used.
Resolution:
VM:Secure PTF SO05000 corrects this problem/exposure.
GETENTRY now correctly removes all password history records (*PWnn=) from the returned directory entry, whereas previously only the record(s) for the current password (*PW00=) were removed.

 
Additional Information:
When REPENTRY is done for the GETENTRY item, all password history records are restored to the replaced entry from the original copy of the entry on the VM:Secure directory disk (1B0), so the existing password history (maintained by VM:Secure) remains intact for the entry.
If *PWnn records exist in the replacement copy of the entry, they are removed and replaced by the information on the 1B0.
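
A check for copies of GETENTRY output that were saved before the PTF was applied, as an added example that is not VM:Secure or vendor code: it flags any *PWnn= records left in a saved entry and strips them. The sample entry, its field layout and the placeholder record values are constructed; only the *PWnn= record prefix comes from this article.

```python
import re

# *PW00= is the current-password record, *PW01=, *PW02=, ... are history records
# (prefix taken from the article; everything after "=" is treated as opaque).
PW_RECORD = re.compile(r"^\s*\*PW(\d{2})=", re.IGNORECASE)

def find_password_records(entry_text):
    """Return (line_number, nn) for every *PWnn= record in a saved entry."""
    hits = []
    for lineno, line in enumerate(entry_text.splitlines(), start=1):
        match = PW_RECORD.match(line)
        if match:
            hits.append((lineno, int(match.group(1))))
    return hits

def classify(entry_text):
    """Describe what a saved GETENTRY result still carries."""
    indexes = {nn for _, nn in find_password_records(entry_text)}
    if not indexes:
        return "clean"                  # behaviour after the PTF
    if 0 in indexes:
        return "current-record-present" # *PW00= present, e.g. WITHPASS output
    return "history-exposed"            # only *PW01= and later: the issue above

def scrub(entry_text):
    """Drop every *PWnn= record. Per the article, REPENTRY discards any
    *PWnn records in the replacement copy and restores them from the 1B0."""
    kept = [ln for ln in entry_text.splitlines() if not PW_RECORD.match(ln)]
    return "\n".join(kept) + "\n"

# Constructed sample: layout and values are illustrative placeholders only.
SAMPLE_SAVED_ENTRY = """\
USER EXAMPLE1 MASKED 32M 64M G
*PW01=CONSTRUCTED-PLACEHOLDER-1
*PW02=CONSTRUCTED-PLACEHOLDER-2
MDISK 0191 3390 0001 0005 VOL001 MR
"""

if __name__ == "__main__":
    for lineno, nn in find_password_records(SAMPLE_SAVED_ENTRY):
        print(f"line {lineno}: *PW{nn:02d}= record present")
    print("before:", classify(SAMPLE_SAVED_ENTRY))
    print("after: ", classify(scrub(SAMPLE_SAVED_ENTRY)))
```
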