Clik here to view.
Blocking issue after replacing a SSL certificate ok with a new SSL EV...
Dear Security Experts,I need your kind help in case you can support about a problem which is preventing us to use a quite critical (UK HMRC Gov site) web service based application which use to work...
View ArticleRe: Application not working on EHP7
There was a patch file missing on the ECC system and the same was uploaded to resolve this. Thanks,Yuvraj
View ArticleRe: Blocking issue after replacing a SSL certificate ok with a new SSL EV...
Currently checking following two notes: 1947917 - ADS SSL configuration with Basic Authentication:checking if possible to setup "Target Host" according to former conevntional use that worked ok 1835332...
View ArticleRe: Need to give REVOKE CLOSE option in CO02 only for selective users
Try attaching the action "revoke close" to a user-status and limit the status available to users via B_USERSTAT and B_USERSTAT_T
View ArticleWhy was the blog "Using metasploit to Search for vulnerable SAP Systems" removed
Hi all, recently there was a blog post by Lars Fasel on using metasploit to search for vulnerable SAP systems on the internet. However, this blog post has been removed, most likely by a moderator. For...
View ArticleRe: Identifying Characteristic based on Infocube
Kumar, You don't need to check the underlying Infocubes for authorization relevant InfoObjects. Just check for the multi-provider U_ABC_MFA01, the easiest way is to check it in RSECADMIN/RSECAUTH...
View ArticleEnd data Roles doesn't work
Hi gurus, We have some users that have functions that the validation date is expired (these functions belong to the production environment). However, even if the functions are outdated, the user is...
View ArticleRe: Identifying Characteristic based on Infocube
Kumar, its not a prudent idea to find an Auth Relevant Object based on InfoCubes - reason - most of the Queries pull data from multiple Cubes. Solution 1) Answer from ShivRaj2) Answer from Pankaj - to...
View ArticleRe: End data Roles doesn't work
You are going to have to provide more infos than this... By the sounds of it, it is an FI validation "exit" and not an authorization problem. Post the code in the validation routine. Cheers,Julius
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
This time it was not me.. :-) I was only sent a copy of the blog when some discussion about it started between the moderators. The author apparently agreed that it would encourage the wrong sort of...
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
You would expect with all the publications on SAP security (from a technical perspective), awareness within companies would grow and they give this the attention it needs. However, somehow you still...
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
Hi Julius,thanks for the clarification. Christian
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
Hi Lars, it is also my experience that security is generally a very low priority in SAP implementation projects. This is exactly the reason why I like your blog that showed and explained some very...
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
Hi Lars It looks like Christian posted his comment before me but it's similar experience for me... you are right - quite a few SAP Security consultants come from authorisation only background and,...
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
As a response to the original post, security is a continuous process of improvement, you may be at a level where certain aspects may appear lax and vulnerable. At the same time there are users and...
View ArticleRe: End data Roles doesn't work
It seems that there are functions coded in your system that are bypassing the upper layer of authorizations and CUA. Can you approach the developer of the code to run a check on the function and...
View ArticleHTTPS Webservice Consumer Proxy - SSL Error
Hello all ! I'm encountering an issue while testing the connection to a HTTPS WebserviceConsidering HTTPS and SSL have been installed correctly in our SAP system and the HTTPS is activated (green flag...
View ArticleCustomising in locked client.
Hi people, Im having some issues when it comes with locked clients, i recently created a Roadmap for a new Project in SOLMAN PRD. I first used RMAUTH to create the project (when client was open, since...
View ArticleRe: Why was the blog "Using metasploit to Search for vulnerable SAP Systems"...
There are good points being raised in this thread; and I think the need for better security of SAP systems and auditing of security specific configurations is well known…. by those of us on this...
View ArticleRe: S_USER_GRP showing in SU53 in non security related transactions
Hi, Even we are also facing same issue in our Production system from few days back. Can you tel exact reason for this. Plese guide me how to resolve this issue. Regards,Divya.
View Article