PI 7.31 : Java properties comparision. A security Hole?
Most of you are aware of the new feature called : Compare systems in PI 7.31 which helps to identify the differences between the systems + various system properties. I just love this feature 🙂
But you could easily get the passwords of all PI service users such as PIISXXX, PIDIRXXX, PIREPXXX etc.
The comparison result listed the passwords in free text 🙁
Even though the user has J2EE_ADMIN rights, he/she should not be able to see any system passwords . Please correct me if I am wrong.
Probably something for SAP to fix ???
Share your thoughts