Skip to Content

Nice to see the community has started discussing the security loopholes with open heart; after all it is being done with good intention to improve the product. Thanks to Carlos Gonzalez  for his blog about showing how SAI_AE_DETAILS_GET can used to find PIISUSER’s password and here I am with my findings to get password in some other way.

1. Open http://host:port/MessagingSystem

2. Check Received Messages and then the details.


3.Here you have base 64 encoded username:password in Transport Header.


4.After you decode UElJU1VTRVI6c3RhcnQyMDEw you finally get the password PIISUSER:start2010.

It means even restricting the access to SE37(FM SAI_AE_DETAILS_GET) won’t actually help and having different passwords for various service users seem only solution to be more safe and secure.

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Pavan kumar



    Nice blog,I think this was fixed after release PI711 SP04.

    I checked in PI711 SP06 and don’t find the encoded password.Attached screen shot for reference.




Leave a Reply