IBM Support

PM85553: DFHIS1027 SECURITY VIOLATION HAS BEEN DETECTED USING IPCONN

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • An ECI request is sent over IPIC with a USERID 7 bytes long.
USD1 key is 10 bytes long, so CICS paddes the USERID with
blanks.
This makes a userid of length 7 with 3 blanks as a userid of
length 10.
This allows the length of 10 to work when the user is already
in the USD1 directory, but to fail when the USERID must be added
in the security domain.
When DFHXSSA tries to ADD_USER_WITHOUT_PASSWORD an EXCEPTION is
issued because USERID_NOT_DEFINED.
This cause DFHIS1027 - Security violation has been detected
using IPIC - to be issued .
DFHUSAD should ignore trailing blanks in the userid.

Local fix

  • N/A

Problem summary

  • ****************************************************************
* USERS AFFECTED: All CICS users.                              *
****************************************************************
* PROBLEM DESCRIPTION: MsgDFHIS1027 "Security violation has    *
*                      been detected using IPCONN" is issued   *
*                      when using IPCONN and userid is padded  *
*                      with blanks.                            *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The CICS Transaction Gateway is communicating with CICS using an
IPCONN connection, and a userid with blank padding is received
by CICS. If the user is not currently known to CICS then it must
be added to the user domain. DFHUSAD passes the full length of
the user id, inclusive of trailing blanks.
When DFHXSSA tries to ADD_USER_WITHOUT_PASSWORD an EXCEPTION
is issued because USERID_NOT_DEFINED. Then message DFHIS1027 is
issued.

Problem conclusion

  • DFHUSAD has been changed to remove the trailing blanks in the
userid.

Temporary fix

  • FIX AVAILABLE BY PTF ONLY

Comments

  • 



APAR Information




    

  • APAR number
    PM85553
    • 

  • Reported component name
    CICS TS Z/OS V5
    • 

  • Reported component ID
    5655Y0400
    • 

  • Reported release
    800
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2013-03-26
    • 

  • Closed date
    2013-05-21
    • 

  • Last modified date
    2015-03-04
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    
PM84800
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK94605
    

    • 



Modules/Macros


    

  • DFHUSAD

    



Fix information


    

  • Fixed component name
    CICS TS Z/OS V5
    • 

  • Fixed component ID
    5655Y0400
    • 



Applicable component levels


    

  • R800  PSY  UK94605
       UP13/06/01  P  F305
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.1"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            10 September 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback