Within CA TPX, how can we minimize exposure when a user types their password into the userid field?

Document ID : KB000006388
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

Sometimes a user will enter their password in the userid field and this is sent to security for validation and rejected as an invalid userid.  Subsequent successful signon also shows in the log.  This is a potential security breach since these messages are all now visible to anyone reviewing the log.

Environment:
CA TPX for z/OS
Cause:

User may type their userid and press enter instead of tabbing to password field.  Signon is rejected.  They continue by typing their password without realizing that they are back in the userid field, press enter and this is also sent to security.  Signon again rejected.

Resolution:

Since there is no way to control what a user may type into a field, the workaround is to avoid having the security messages with visible password showing up in any logs.

  • While it is feasible to block by message id [within TPX for TPXL* messages and within security for those messages] this would eliminate too many messages that are required for regular triage of user issues.
  • Field validation at the ISPF panel level [using )PROC and VER statements] is not possible within TPX.  TPX programmatically overrides any panel )PROC statements for security purposes.

Suggestions:

  1. Use the Log Writer exit to replace a userid in the message with another character when the userid do not conform to site naming standards.
    • For example, if the userid must be alphanumeric and passwords must contain a special character, any userid that contains a special character is definitely invalid and can be replaced with '???????' in the logon rejection message.
    • Similar changes should also be considered for the security log and syslog.
  2. Use the Signon Signoff Exit, TPXUSNSF, to reject the user (RC4) in the pre-security call (function code 8) based on custom code you may add. For example, is the userid is greater than 7 characters, or does not match your site format for alpha and numeric characters.

You may also consider restricting who may view the TPX started task logs and the syslog.

 

Additional Information: