Title

For interactive sessions, IDMS must limit the number of concurrent sessions for the same user to one or allow unlimited sessions. (Cat II impact)

Discussion

Multiple interactive sessions can provide a way to cause a DoS attack against IDMS if a user ID and password were compromised. Not allowing multiple sign-ons can mitigate the risk of malicious attacks using multiple sessions for a user.

Check Content

Use task SYSGEN if online, or program RHDCSGEN if batch. Sign on to the dictionary where the System definition is maintained: "SIGNON DICTIONARY SYSTEM.", for example. Enter: "DISPLAY SYSTEM 123." where 123 is the number of the system being checked. Scroll through the returned text until "MULTIPLE SIGNON" is found. If the associated value is "YES", this is a finding.

Fix Text

Use TASK SYSGEN if online, or program RHDCSGEN if batch. Sign on to the dictionary where the system definition is maintained: "SIGNON DICTIONARY SYSTEM.", for example. Enter: "MODIFY SYSTEM 123 MULTIPLE SIGNON IS NO." where 123 is the number of the system being modified. Enter: "VALIDATE." Enter: "GENERATE." The change will become effective the next time the CV is stopped and started.

Additional Identifiers

Rule ID: SV-251582r807613_rule

Vulnerability ID: V-251582

Group Title: SRG-APP-000001-DB-000031

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.