Re: R12 - FNDCPASS works without the correct system password.
- From: <contact@xxxxxxxxxxxxxxxxxx>
- To: <ora-apps-dba@xxxxxxxxxxxxx>
- Date: Wed, 22 Apr 2009 19:18:51 +0100
Haven't tried this yet but if it is true, that's a major security risk
----- Original Message -----
From: Mrinal Patowary
To: ora-apps-dba@xxxxxxxxxxxxx
Sent: Wednesday, April 22, 2009 10:42 AM
Subject: R12 - FNDCPASS works without the correct system password.
Hello List,
It seems FNDCPASS works without putting in the correct system password
in 12.0.4
$ FNDCPASS apps/upg1bld3dev 0 Y system/manager USER NDHA000 abcd1234
Log filename : L615573.log
Report filename : O615573.out
$ cat L615573.log
+---------------------------------------------------------------------------+
Application Object Library: Version : 12.0.0
Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved.
module:
+---------------------------------------------------------------------------+
Current system time is 22-APR-2009 02:46:38
+---------------------------------------------------------------------------+
+---------------------------------------------------------------------------+
Concurrent request completed successfully
Current system time is 22-APR-2009 02:46:39
+---------------------------------------------------------------------------+
manager is not the correct password for system and we were able to
login with the new password
Does this happens in your environment too?
Thanks,
Mrinal.
------------------------------------------------------------------------------
Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! Edition *
Click here!
Other related posts:
