Skip to Content
Author's profile photo Sunil Chandra

Another way to find piisuser’s password

Nice to see the community has started discussing the security loopholes with open heart; after all it is being done with good intention to improve the product. Thanks to Carlos Gonzalez  for his blog about showing how SAI_AE_DETAILS_GET can used to find PIISUSER’s password and here I am with my findings to get password in some other way.

1. Open http://host:port/MessagingSystem

2. Check Received Messages and then the details.


3.Here you have base 64 encoded username:password in Transport Header.


4.After you decode UElJU1VTRVI6c3RhcnQyMDEw you finally get the password PIISUSER:start2010.

It means even restricting the access to SE37(FM SAI_AE_DETAILS_GET) won’t actually help and having different passwords for various service users seem only solution to be more safe and secure.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member


      This security hole has been closed in PI 7.3x.


      William Li

      Author's profile photo Sunil Chandra
      Sunil Chandra
      Blog Post Author

      thats great.. thanks for the information Bill..

      Author's profile photo Michal Klima
      Michal Klima


      any plans to fix older versions?



      Author's profile photo Prateek Raj Srivastava
      Prateek Raj Srivastava

      I can't see base64 encoded password on PI 7.11 Sp 08. Which PI version are you on?


      Prateek Raj Srivastava

      Author's profile photo Sunil Chandra
      Sunil Chandra
      Blog Post Author

      Hi Prateek,

      I checked on PI 7.11 SP04 and PI 7.0 SP 14.


      Sunil Chandra

      Author's profile photo Pavan kumar
      Pavan kumar



      Nice blog,I think this was fixed after release PI711 SP04.

      I checked in PI711 SP06 and don't find the encoded password.Attached screen shot for reference.