Haven't tried this yet but if it is true, that's a major security risk ----- Original Message ----- From: Mrinal Patowary To: ora-apps-dba@xxxxxxxxxxxxx Sent: Wednesday, April 22, 2009 10:42 AM Subject: R12 - FNDCPASS works without the correct system password. Hello List, It seems FNDCPASS works without putting in the correct system password in 12.0.4 $ FNDCPASS apps/upg1bld3dev 0 Y system/manager USER NDHA000 abcd1234 Log filename : L615573.log Report filename : O615573.out $ cat L615573.log +---------------------------------------------------------------------------+ Application Object Library: Version : 12.0.0 Copyright (c) 1979, 1999, Oracle Corporation. All rights reserved. module: +---------------------------------------------------------------------------+ Current system time is 22-APR-2009 02:46:38 +---------------------------------------------------------------------------+ +---------------------------------------------------------------------------+ Concurrent request completed successfully Current system time is 22-APR-2009 02:46:39 +---------------------------------------------------------------------------+ manager is not the correct password for system and we were able to login with the new password Does this happens in your environment too? Thanks, Mrinal. ------------------------------------------------------------------------------ Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! Edition * Click here!