
GRC CUP 5.3 SP16.3 - Password self service limit

Former Member
0 Kudos

Hello Experts,

We came across the issue when integrating Password Self Service (PSS) via challenge response to ask users to answer 2 security questions that they self-register the answers to. We noticed that users can even put only a one-character value in the answers to the security questions, and it accepts it and sends the user the reset password info to re-log in to the SAP backend system via email.

But this is not good because the security answers should be at least a certain character length with a mixture of upper case, lower case or numbers. But at least give us the capability to not allow one-character answers for the challenge response questions. Is there anyone else who has also faced these issues and knows if SAP provided any SAP Notes or something to fix the issue? Otherwise, this is not secure enough to reset passwords via one-character answers to the challenge response questions.

Thanks and Regards,

A

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

So, SAP stated that the functionality is not available as of right now and to send an enhancement request. I'm surprised they didn't think of this when configuring PSS to ensure the challenge response questions would be well protected and would require at least a minimum character length, etc.