on 10-04-2012 12:18 PM
Hi,
We're on GRC 5.3 & are using CUP for PSS (Password Self Service).
We've set the Questions under Challenge Response; however, if a user tries to log in with another user's Network Id (no password is required), he's able to reset the other user's SAP password.
No Questions pop up either while resetting yours or another user's SAP password via PSS...
Please advise...
Thank you.
-S.
That's the way it's supposed to work.
I have to admit, I never liked the concept in the first place. You're basically replacing a complex password with "Blue", "Mary" and "Football", which doesn't look all too secure in my view.
It's also a support ("I can't remember my answers") and registration nightmare, plus the works council and data protection issues (your mother's maiden name is considered personal data which has legal implications).
In my projects we always used Active Directory authentication to log in to password reset and reset the SAP password. If you also can't remember your Windows password there should not be an electronic way (i.e. without personally going somewhere) to recover that.
Frank.