!*CTL2.16 11/05/24 SCNPSWDL6004 DOC BA60UD0S BA0S097 D !*CTL2.16 05/27/24 SCNPSWDL6003 DOC BA60UD0S BA0S068 C !*CTL2.16 04/25/24 SCNPSWDL6002 DOC BA60UD0S BA0S042 B !*CTL2.16 04/25/24 SCNPSWDL6001 DOC BA60UD0S BA0S040 A !*SEQ0.10 03/28/24 SCNPSWDL6000 DOC BA60UD0S BA10000 @ \poff 2;outlen 76 \sect " "1 \head "BASE24: PCI DSS v4 - Password Length (SCNPSWDL)_28-MAR-2024" \subhead " " \new \foot "ACI Worldwide Inc." \new \space 3;center 2 \ov DOCUMENT HISTORY DOCUMENT HISTORY This file, SCNPSWDL, contains all of the SCNs that were completed as part of the PCI DSS v4 - Password Length enhancement. This enhancement was completed in the March 2024 timeframe. \new Copyright 2024 by ACI Worldwide Inc. All rights reserved. All information contained in this document is confidential and proprietary to ACI Worldwide Inc. This material is a trade secret and its confidentiality is strictly maintained. Use of any copyright notice does not imply unrestricted or public access to these materials. No part of this document may be photocopied, electronically transferred, modified, or reproduced in any manner without the prior written consent of ACI Worldwide Inc. BASE24, BASE24-atm, BASE24-atm non-currency dispense, BASE24-atm self-service banking, BASE24-billpay, BASE24-from host maintenance, BASE24-InfoBase, BASE24-inventory, BASE24-pos, BASE24 Remote Banking, BASE24-telebanking, and BASE24-teller are trademarks or registered trademarks of ACI Worldwide Inc., Transaction Systems Architects, Inc., or their subsidiaries. Other companies' trademarks, service marks, or registered trademarks and service marks are trademarks, service marks, or registered trademarks and service marks of their respective companies. \new \need off;space 1;need on ! 28MAR2024 MohanD ! Symptom: PCI DSS v4 - Password Length ! Problem: None. ! Fix: Enhanced the functionality to support network ! passwords of up to 16 characters. ! BA60AFT: SCRNMEGA, SCRNSEC, RQMEGAS, RQSECS, SVISECS ! BA60DDL: DDLGPTH ! Dependency: Add file: ! BA60UD0S: AAREADUD, IGR6PV10, SCNPSWDL, V61004 ! Reference: WO #PDM-004603 ! 25APR2024 MohanD ! Symptom: 1) When trying to change some field from SEC, ! for example MASKING FLAG, MAX LOGON ATTEMPTS, ! START TIME, END TIME -> "PASSWORD MUST HAVE ! AT LEASE 2 DIFFERENT CHARACTERS 0011" error ! message is displayed. ! 2) When trying to change the password, if MASKING ! FLAG is set to Y and the new length is less than ! 16 -> "PASSWORD VERIFICATION FAILED - PLEASE ! RE-ENTER 0011" error message is displayed. ! 3) When trying to change the password in SEC, ! if MASKING FLAG is set to Y and the new length ! is 16 "PASSWORD CAN NOT BE REUSED TRY AGAIN 0004" ! error message is displayed. ! Problem: 1) When trying to update some field from SEC, ! varible that stores password fields is not ! cleared fully which insist password field ! to be updated along with other fields. ! 2) When trying to change the password, ! varible that stores password fields is not ! cleared fully thats makes mismatch in password ! and password-verify fields. ! 3) When trying to change the password, password ! history check is not working for password having ! length greater than 8 and less than or equal to 16. ! Fix: Modified code to handle the update and password history ! check properly. ! Dependency: Apply fixes to: ! BA60AFT : RQSECS, SVISECS ! Replace Files: ! BA60UD0S: SCNPSWDL, V61004 ! Reference: WO #PDM-004603 ! 25APR2024 MohanD ! Symptom: PCI DSS v4 - Password Length ! Problem: None. ! Fix: Added the SCN for the BA60UD0S.SCNPSWDL and V61004 ! files. ! Dependency: Replace BA60UD0S.SCNPSWDL ! BA60UD0S.V61004 ! Reference: WO #PDM-004603 ! 27MAY2024 MohanD ! Symptom: Issues while updating/adding ACCESS CODES for a ! certain file in overlay-3 of sec. ! ( F15- File Access is executed from overlay-1, ! followed by F5- Update ) ! Problem: The variable TRAN-CDE is not set correctly ! in proc 470-SET-UP-UPDATE for update operation ! in overlay-3. ! Fix: Code has been modified to execute the line ! that sets variable TRAN-CDE for Update operation ! in overlay-3. ! Dependency: Apply fix to ! BA60AFT: RQSECS ! Run Make. ! Replace Files: ! BA60UD0S: SCNPSWDL, V61004 ! Reference: Case #3638344 ! 04NOV2024 watsonl ! Symptom: When adding a new user in the SEC or resetting ! a user's password, error message "PASSWORD CAN ! NOT BE REUSED TRY AGAIN" is emitted. ! Problem: A previous fix ('r' BA0S039) inadvertently ! introduced a period (.) causing paragraph 240- ! PSWD-HIST-CHK to be executed even for non- ! complex passwords. ! Fix: The fix is to add a check for complex passwords ! prior to executing paragraph 240-PSWD-HIST-CHK. ! Modified Paragraph: 210-VALIDATE-ENCRYPT-PASSWORD ! Dependency: Apply fix to ! BA60AFT.SVISECS ! Run Make. ! Replace ! BA60UD0S.SCNPSWDL, V61004 ! Reference: Case #3676155 Note: Once the parameter PASSWORD-COMPLEX is set to a "Y", it is not intended for the parameter to be reset to "N" at a later time. Changes are made to the password fields in the SEC file records to indicate that the network is using complex passwords. These changes cannot be undone. If a customer believes they may wish to turn complex passwords on for a time and then turn them off (say in a test system), a backup of the security file (SEC) should be made before the parameter is set to "Y". \ov MODULE SCN TYPE OF CHANGE MODULE SCN TYPE OF CHANGE ------ --- -------------- BA60AFT.RQMEGAS BA0S028 Inline Changes BA60AFT.RQSECS BA0S029 Inline Changes BA0S038 Fix for Case 03632193 BA0S067 Fix for Case 03638344 BA60AFT.SCRNMEGA BA0S030 Inline Changes BA60AFT.SCRNSEC BA0S031 Inline Changes BA60AFT.SVISECS BA0S032 Inline Changes BA0S039 Fix for Case 03632193 BA0S096 Fix for Case 03676155 BA60DDL.DDLGPTH BA0S027 Record length expanded BA0S033 Fix for Case 03630093 BA60UD0S.AAREADUD NEW FILE NEW FILE BA60UD0S.IGR6PV10 NEW FILE Implementation Guide BA60UD0S.SCNPSWDL NEW FILE Documentation File BA0S040 Documentation File BA0S042 Documentation File BA0S068 Documentation File BA60UD0S.V61004 NEW FILE NEW FILE BA0S043 Documentation File BA0S069 Documentation File