Vulnerability Discussion
If cached authentication information is out of date, the validity of the authentication information may be questionable.
Check
If the Mainframe Product has no function or capability for user logon, this is not applicable.
If the Mainframe Product employs an external security manager for all account management functions, this is not applicable.
Examine user account management configurations.
If the Mainframe Product is configured to prohibit the use of cached authenticators after one hour, this is not a finding.
Fix
Configure the Mainframe Product account management settings to prohibit the use of cached authenticators after one hour.