SAGESSE-TECH : Handling Standard Users to secure SAP Systems

The SAP ERP software is delivered with standard users. These are created automatically when the system is installed. The standard users are:

  • SAP*
  • EARLYWATCH
  • DDIC
  • Other users, such as SAPCPIC, WF_BATCH, or TMSADM

These standard users represent a risk: firstly, they are anonymous and thus violate the identity principle; secondly, they are equipped with wide-ranging authorizations (in some cases, even unlimited).

The SAP* user is intended for the installation phase and is available as standard in clients 000 and 001 and in every newly created client. In older SAP releases, the SAP* user had the widely known password 06071992; from ERP 6.0 (ECC 6.0) onwards, the initial password is “pass”. The situation is similar for the SAPCPIC user, which is delivered with the standard password “admin”.

You can check whether the standard users still have their standard passwords with program RSUSR003. Table USR02 also provides audit-relevant information (the Status of User Lock and Number of Incorrect Logons fields).

The program runs the analysis for all clients, which is essential from an audit perspective: with the far-reaching authorizations of SAP*, for example, it is possible to make system changes that take effect in all clients.

Figure 1 : Result of execution of report RSUSR003 on an SAP System


You can use the profile parameter login/no_automatic_user_sapstar to make the standard user SAP* “less powerful.” The SAP* user is firmly anchored in the ABAP source code of an SAP system. If this user master record is deleted (for example, with transaction SU01, User Maintenance), the hard-coded SAP* becomes active and can be used to log on with the initial password PASS.

SAP* then has the following properties:

  • The user has all authorizations as no authorization checks are performed
  • The standard password PASS cannot be changed

From an audit perspective, the target value of this profile parameter is “1” (automatic user SAP* is deactivated); with this setting, deleting the SAP* user presents no risk.
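The checks described above (SAP* master record per client, the login/no_automatic_user_sapstar setting, lock status and failed logon counts of the standard users from USR02) can be reviewed offline from a table extract. The following is an added example and not code from the article or from SAGESSE TECH; the USR02 rows and the parameter value are constructed sample data, and the USR02 field names (MANDT, BNAME, UFLAG, LOCNT) and UFLAG lock values are the standard ones. Verifying that the standard passwords are actually still set remains the job of RSUSR003, since password hashes are not part of this extract.

```python
"""Offline review of SAP standard users across all clients (added example).

Input is a constructed extract of USR02 plus the value of the profile
parameter login/no_automatic_user_sapstar; the real data would be exported
from the system (e.g. SE16 on USR02, RZ11 for the parameter).
"""
from typing import List

STANDARD_USERS = {"SAP*", "DDIC", "EARLYWATCH", "SAPCPIC", "WF_BATCH", "TMSADM"}
# USR02-UFLAG: 32 = global lock by administrator, 64 = local lock by administrator,
# 128 = locked because of incorrect logons (not an intentional lock, so not counted)
LOCKED_BY_ADMIN = {32, 64}

# Constructed USR02 extract: client, user, lock status, number of failed logons
SAMPLE_USR02 = [
    {"MANDT": "000", "BNAME": "SAP*", "UFLAG": 64, "LOCNT": 0},
    {"MANDT": "000", "BNAME": "DDIC", "UFLAG": 0, "LOCNT": 0},
    {"MANDT": "001", "BNAME": "SAP*", "UFLAG": 0, "LOCNT": 7},
    {"MANDT": "100", "BNAME": "DDIC", "UFLAG": 64, "LOCNT": 0},
    {"MANDT": "100", "BNAME": "SAPCPIC", "UFLAG": 0, "LOCNT": 0},
]


def audit_standard_users(usr02: List[dict], no_automatic_sapstar: int,
                         max_failed: int = 3) -> List[str]:
    """Return one finding per problem, evaluated for every client in the extract."""
    findings = []
    clients = sorted({row["MANDT"] for row in usr02})
    present = {(row["MANDT"], row["BNAME"]) for row in usr02}
    for mandt in clients:
        # No SAP* master record and parameter != 1: the hard-coded SAP*
        # with password PASS is usable in this client.
        if (mandt, "SAP*") not in present and no_automatic_sapstar != 1:
            findings.append(f"{mandt}: SAP* deleted while "
                            "login/no_automatic_user_sapstar=0 (hard-coded SAP*/PASS active)")
    for row in usr02:
        if row["BNAME"] not in STANDARD_USERS:
            continue
        if row["UFLAG"] not in LOCKED_BY_ADMIN:
            findings.append(f"{row['MANDT']}: {row['BNAME']} not locked by administrator")
        if row["LOCNT"] >= max_failed:
            findings.append(f"{row['MANDT']}: {row['BNAME']} has {row['LOCNT']} failed logons")
    return findings


if __name__ == "__main__":
    for finding in audit_standard_users(SAMPLE_USR02, no_automatic_sapstar=0):
        print(finding)
```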

SAGESSE TECH, a global SAP Security / Oracle Security / ERP Security company from Türkiye, provides an SAP PenTest Framework which checks these kinds of vulnerabilities and much more in your SAP Systems. You can contact SAGESSE TECH (e-mail: [email protected] or [email protected]) if you would like a Vulnerability Scanning and PenTest on your SAP Systems.

LogPoint is developing SAP Threat Detection, Monitoring and Response solutions based on R&D efforts of SAGESSE TECH. The LogPoint Converged SIEM Platform provides dashboards that monitor the activities of SAP standard users in your systems and issues alerts when suspicious activities are executed by SAP standard users. You can find more information about LogPoint solutions via the link below:

BCS for SAP - Logpoint


More articles by Sükrü Ilker BIRAKOĞLU