PI 7.31 : Java properties comparision. A security Hole?

Most of you are aware of the new feature called : Compare systems in PI 7.31 which helps to identify the differences between the systems + various system properties. I just love this feature 🙂

But you could easily get the passwords of all PI service users such as PIISXXX, PIDIRXXX, PIREPXXX etc.

The comparison result listed the passwords in free text 🙁

Even though the user has J2EE_ADMIN rights, he/she should not be able to see any system passwords . Please correct me if I am wrong.

Probably something for SAP to fix ???

Share your thoughts