From IBM z/VM Using CA VM:Secure Security Technical Implementation Guide
Part of SRG-OS-000480-GPOS-00226
Associated with: CCI-000366
IBM z/VM 6.4.0 made changes to obscure whether a logon is invalid due to the user ID or due to the password. Both the logon prompting sequence and the message HCPLGA050E were changed. However, DELAYLOG causes a delay for a logon with an invalid password that it does not cause when the user ID is invalid. Thus, if you are using DELAYLOG with z/VM 6.4.0, you can inadvertently let someone trying to break into your system know that it is the password that is invalid.
Display the CA VM:Secure product Config file. If the “DELAYLOG” record does not exist, this is not a finding. If the “DELAYLOG” record is set to "0”, this is not a finding.
Configure DELAYLOG = 0 or delete the “DELAYLOG” configuration file record.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer