Customer Advisory Voltage Simple API 5.30 and z/Protect 8.1.x

  • KM03582153
  • 21-Jan-2020
  • 21-Jan-2020

Summary

Simple API 5.30 and z/Protect 8.1.x and FPE2 Data Protection Types

Reference

Customer Advisory - November 6, 2019

Title: Simple API 5.30 and z/Protect 8.1.x and FPE2 Data Protection Types
Summary: Simple API 5.30 and z/Protect 8.1.x allow unsupported use of FPE2 and FPH for formats other than Variable Length Strings.
Risk: Low; Likelihood of occurrence: Low; Severity of impact: Low
Problem: Simple API 5.30 and z/Protect 8.1.x, in conjunction with SecureData Appliance 6.9, inadvertently expose support for the Format-Preserving Encryption 2 (FPE2) and Format-Preserving Hash (FPH) data protection algorithms for formats beyond variable length strings (VLS), often referred to as “Hyper-VLS”. These combinations of data protection type and data format are only officially supported with Simple API 6.0 but are not actively blocked by Simple API 5.30 or z/Protect 8.1.x. Production applications that implement FPE2 and FPH outside of VLS should only be deployed with Simple API 6.0 or an upcoming version of z/Protect.
Discovery: Internal
Cause: A bug in feature versioning logic allows implementation of unsupported features.
Impact: Unsupported combinations of data protection type and data format are not blocked by Simple API 5.30 or z/Protect 8.1.x in conjunction with SecureData 6.9 and could be implemented in client application code using these releases.
Solution: Additional FPE2 and FPH data protection types with credit card, social security number, date, number, and SFS formats should be implemented and deployed with Simple API 6.0 client applications or an upcoming version of z/Protect.
Workaround: N/A
Recommendation: For client applications requiring FPE2/FPH and formats beyond VLS, implement and deploy solutions built with Simple API 6.0 or an upcoming version of z/Protect. See the Simple API 6.0 release notes and the SecureData Appliance 6.9 release notes for discussion of this new functionality.
Products Affected: Simple API 5.30 and z/Protect 8.1.x
Obtaining Support: If you require technical assistance with this issue, please contact
Micro Focus Voltage Customer Support
(Phone) https://mysupport.microfocus.com/web/softwaresupport/document/-/facetsearch/document/KM00006
(Chat) https://mysupport.microfocus.com/web/softwaresupport/chat-language-selection
(MySupport Web Portal) https://mysupport.microfocus.com/
(Internet) https://www.microfocus.com/support-and-services/contact-support/
Date: November 4, 2019
Document ID: MF-VOLT-CA-201904