Sun Java System Access Manager 7.1 Release Notes

Password file exposed in a temporary directory after Patch 1 re-deployment (CR 6640377)

After Access Manager Patch 1 is applied to Access Manager 7.1 and re-deployed, several /tmp directories are created. In one of them, the permissions are set incorrectly, so the sun_ad_dirmgrpasswd file is readable. These directories are deleted automatically when the deployment completes, but they are exposed for a period of time beforehand. This is a potential security risk.

Workaround

Before re-deploying the patch, set umask 077. The files will then be created with the correct permissions.
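
The effect of the workaround can be checked with the following added example, which is not part of the original release notes. It creates a constructed stand-in for the password file under umask 022 and under umask 077 and reports whether group or other can read it. The scratch directory, the file contents and the function names are assumptions for illustration, and the re-deployment command itself is not shown.

```shell
#!/bin/sh
# List regular files under a directory whose mode lets group or other read them.
find_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Create a constructed stand-in for the temporary password file under the
# given umask and print the scratch directory path. The umask change is made
# in a subshell so it does not leak into the calling shell.
make_sample() {
    (
        umask "$1"
        dir=$(mktemp -d)
        mkdir "$dir/deploy"
        # Constructed sample content, not a real credential.
        printf 'constructed-sample-value\n' > "$dir/deploy/sun_ad_dirmgrpasswd"
        printf '%s\n' "$dir"
    )
}

# Count the exposed files produced under a given umask, then clean up.
count_exposed_under() {
    d=$(make_sample "$1")
    n=$(find_exposed "$d" | wc -l | tr -d ' ')
    rm -rf "$d"
    printf '%s\n' "$n"
}

echo "umask 022: $(count_exposed_under 022) exposed file(s)"
echo "umask 077: $(count_exposed_under 077) exposed file(s)"
```

The check looks only at the mode bits of the files; umask 077 has to be set in the same shell session that later runs the re-deployment for the files it creates to inherit the restricted mode.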