how to decrypt password

Former Member
0 Kudos

how to decrypt password in usr02 table

1 ACCEPTED SOLUTION

eddy_declercq
Active Contributor
0 Kudos

Hi,

I think that the passwords in that table aren't meant to be decrypted.

Eddy

-


PS. Which type of SDN Ubergeek/BPX suit are <a href="/people/eddy.declercq/blog/2007/05/14/which-type-of-sdn-ubergeekbpx-suit-are-you">you</a>?

4 REPLIES 4

Former Member
0 Kudos

Hello,

Naturally, the password is stored in the database using a one-way hash. There is no decryption algorithm which can be used to decrypt such a hash value.

Regards, Uwe

Former Member
0 Kudos

The passwords in USR02 are scrambled by a one-way hash function. Given enough computing power you could possibly brute-force it, but given the time required to run the permutations, it is probably easier to ask the administrator to reset the password.

Considering how many people have access to SE16 and usually USR02, it's important for there to be a higher than trivial protection on the passwords.

Former Member
0 Kudos

Yes, it is a one-way hash for the passwords that are stored in USR02; however, in versions 4.6 and below it's relatively easy to brute force the passwords.

This is due to the following:

Password hash values are stored in tables which are viewable by many users in the system.

Not case sensitive up to version 4.6

Limited to 8 uppercase characters up to version 4.6

The hash algorithms are weak up to version 4.6.

There are many back doors into an SAP system. Depending on authorization level there are ways to write and execute code undetected.

The dictionary and brute force attacks are not detected by the system and thus will not set off a warning or lock the user (if written correctly).

There is a plug-in to a popular password cracking program for SAP, although it's not generally available.

After SAP NetWeaver 6.40, the password hash algorithm will be changed from MD5 to SHA-1 and there are a large number of other password related changes that make new versions much more difficult to crack/hack.

Cheers,

Ben
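
As an added example (not from the thread and not SAP's own code): a defender-side audit over a table export that lists which accounts still carry a hash in the legacy format the last reply describes as weak, so those passwords can be reset or the old values cleaned up. The column names BNAME, BCODE, PASSCODE and PWDSALTEDHASH, the reading of BCODE as the legacy column, and the all-zeros-means-empty convention are assumptions about the export; the rows are constructed.

```python
import csv
import io

# Constructed sample export, not real data. Assumed columns:
#   BNAME          user name
#   BCODE          legacy-format hash (hex), assumed to be the weak one
#   PASSCODE       newer-format hash (hex)
#   PWDSALTEDHASH  salted-hash string (placeholder values here)
SAMPLE_EXPORT = """BNAME,BCODE,PASSCODE,PWDSALTEDHASH
ALICE,0000000000000000,0000000000000000000000000000000000000000,CONSTRUCTED-SALTED-VALUE
BOB,A1B2C3D4E5F60718,0000000000000000000000000000000000000000,
CAROL,1122334455667788,99AABBCCDDEEFF00112233445566778899AABBCC,
DAVE,0000000000000000,0000000000000000000000000000000000000000,
"""


def is_set(value):
    """A hash column counts as populated unless it is empty or all zeros."""
    v = (value or "").strip()
    return bool(v) and set(v) != {"0"}


def classify(row):
    """Rate an account by the weakest hash format still stored for it."""
    if is_set(row["BCODE"]):
        # A legacy hash is still present, even if a newer one exists too.
        return "legacy"
    if is_set(row["PASSCODE"]) or is_set(row["PWDSALTEDHASH"]):
        return "newer-only"
    return "no-password"


def audit(export_text):
    """Group user names from a CSV export by hash-format status."""
    report = {"legacy": [], "newer-only": [], "no-password": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        report[classify(row)].append(row["BNAME"])
    return report


if __name__ == "__main__":
    for status, users in audit(SAMPLE_EXPORT).items():
        print(f"{status:12} {', '.join(users) or '-'}")
```

CAROL is reported as legacy even though a newer hash is also stored, because an account is only as strong as the weakest hash kept for it.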