[10427] in bugtraq
JDEdwards application passwords
daemon@ATHENA.MIT.EDU (Stout, Bill)
Mon May 3 19:30:20 1999
Message-Id: <33C5AB9085E1D1119AB90000F89CBC7E05D94275@PIOUSHQNTMAIL1.PIOS.COM>
Date: Mon, 3 May 1999 15:09:11 -0400
Reply-To: "Stout, Bill" <StoutB@PIONEER-STANDARD.COM>
From: "Stout, Bill" <StoutB@PIONEER-STANDARD.COM>
To: BUGTRAQ@NETSPACE.ORG
Anyone have experience with JDEdwards applications (WorldVision/OneWorld)?
The user JDE password JDE is written into multiple places in config files,
and is typically installed with SECOFR privileges for AS/400s (DB2), or
admin privileges in NT/UNIX Oracle/SQLserver databases. Changing the
password for user JDE breaks the application, since the password is coded
into multiple places, possibly compiled. I've been told that it's not
trivial to tighten this properly, and typically is not done.
I can't believe this can't be configured securely. Any experience with
this?
Bill Stout
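
An inventory of every place the JDE/JDE credential is stored is the first step before rotating it, since the post notes it sits in multiple config files and possibly in compiled code. The following is an added example, not part of the original post and not JDEdwards code: it assumes INI-style `[section]` / `key=value` config files and the key names in `KEYS`, and the sample files in `SAMPLE` are constructed.

```python
import re
from pathlib import Path

ACCOUNT = "JDE"  # account name and its password, as given in the post
KV = re.compile(r"^([A-Za-z_]+)\s*=\s*(.*)$")
KEYS = {"user": "user", "userid": "user", "password": "pass", "pwd": "pass"}  # assumed key names
WORD = re.compile(rb"(?<![A-Za-z0-9])" + ACCOUNT.encode() + rb"(?![A-Za-z0-9])")

def scan_text(lines):
    """Return (line_no, section) for each section that pairs user ACCOUNT with password ACCOUNT."""
    hits, section, seen = [], "", {}
    for no, raw in enumerate(lines, 1):
        s = raw.strip()
        if s.startswith("[") and s.endswith("]"):
            section, seen = s[1:-1], {}  # a pair must sit inside one section
            continue
        m = KV.match(s)
        field = KEYS.get(m.group(1).lower()) if m else None
        if field:
            seen[field], seen[field + "_line"] = m.group(2).upper(), no  # case-insensitive
        if seen.get("user") == seen.get("pass") == ACCOUNT:
            hits.append((seen["pass_line"], section))
            seen = {}
    return hits

def scan_tree(root):
    """List every file under root that carries the credential, in path order."""
    found = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data, rel = path.read_bytes(), path.relative_to(root).as_posix()
        if b"\0" in data:  # treated as compiled: flag for manual review only
            if WORD.search(data):
                found.append((rel, "binary", "embedded account name"))
            continue
        for no, sec in scan_text(data.decode("latin-1").splitlines()):
            found.append((rel, "config", f"line {no} [{sec}]"))
    return found

SAMPLE = {  # constructed files: names, sections and contents are made up
    "client.ini": b"[SECURITY]\nUser=JDE\nPassword=JDE\n",
    "server.ini": b"[DB]\nPassword = jde\nUser = JDE\n[LOG]\nUser=JDE\n",
    "rotated.ini": b"[SECURITY]\nUser=JDE\nPassword=Xk3-changed\n",
    "job.bin": b"\x00\x01connect\x00JDE\x00JDE\x00"}

def build_sample(root):
    for name, body in SAMPLE.items():
        (Path(root) / name).write_bytes(body)
```

A binary hit only says the account name is embedded in the file; whether the password is compiled in alongside it still has to be checked by hand.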