
Password Self Service Issue

Former Member
0 Kudos

Hi,

We're on GRC 5.3 & are using CUP for PSS (Password Self Service).

We've set the Questions under Challenge Response; however, if a user tries to log in with another user's Network ID (no password is required), he's able to reset the other user's SAP password.

No Questions pop up either while resetting yours or another user's SAP password via PSS...

Please advise...

Thank you.

-S.

Accepted Solutions (1)


koehntopp
Product and Topic Expert
0 Kudos

That's the way it's supposed to work.

I have to admit, I never liked the concept in the first place. You're basically replacing a complex password with "Blue", "Mary" and "Football", which doesn't look all too secure in my view.

It's also a support ("I can't remember my answers") and registration nightmare, plus the works council and data protection issues (your mother's maiden name is considered personal data, which has legal implications).

In my projects we always used Active Directory authentication to log in to password reset and reset the SAP password. If you also can't remember your Windows password there should not be an electronic way (i.e. without personally going somewhere) to recover that.

Frank.

Former Member
0 Kudos

Thank you Frank

Yes...AD authentication would work best...

In our case, we found the Disable Verification for PSS selected, as a result of which the user wasn't being prompted to answer the Challenge Response Q's...

Thank you,

-S.
