On z/OS 1.11, we are noticing that passwords are being changed during logon when the user accidentally enters data in the new password field but then declines to confirm it. Specifically:
1 - The user enters "logon <userid>". 2 - The usual password panel appears. 3 - The user enters the correct password and some extraneous data in the new password field. 4 - The password panel reappears with a message to re-enter the new password. 5 - The users presses ENTER. 6 - The password panel appears again with a message that the two inputs do not match. 7 - The user presses ENTER again. 8 - The user is logged on but the password is changed to the extraneous data entered on the first panel in step 3. If, in step 5, the user enters a second set of characters that does not match the those entered in step 3, the password is still changed, but this time to the data entered in step 5, not step 3. Surely this cannot be WAD, otherwise there would be no point in asking for confirmation. Is there a PTF to fix this? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
