Insecure Password Configuration

Discover how DefenceMore OCA for SAP identifies and helps prevent weak password configurations in SAP systems.

Case Study #006.02

Scenario

The login/no_automatic_user_sapstar parameter is set to '0'.

Impact

This parameter controls the automatic creation of the SAP* user. A value of '0' causes the SAP* user to be created automatically with its well-known default password for initial use, and attackers can easily exploit that default password. Because the SAP* user holds the SAP_ALL authorization, compromising this account can cause significant damage to the system.
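As an added illustration (not DefenceMore's own code), the check below parses a constructed SAP instance-profile excerpt, flags the weak value of login/no_automatic_user_sapstar, and shows the hardened setting beside it; the profile lines and the host/instance names are constructed for this example.

```python
import re

PARAM = "login/no_automatic_user_sapstar"
HARDENED_VALUE = "1"

# Constructed instance-profile excerpt (not taken from any real system).
SAMPLE_PROFILE = """\
# DEV_D00 - constructed example profile
SAPSYSTEMNAME = DEV
INSTANCE_NAME = D00
login/no_automatic_user_sapstar = 0
login/min_password_lng = 8
"""

def parse_profile(text):
    """Parse 'name = value' profile lines into a dict; lines starting with '#' are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        params[name] = value
    return params

def check_sapstar(params):
    """Return (status, message) for the SAP* auto-creation parameter.
    '0' means SAP* is created with its default password; '1' is the hardened value."""
    value = params.get(PARAM)
    if value is None:
        return "WARN", f"{PARAM} is not set explicitly; confirm the kernel default"
    if value == HARDENED_VALUE:
        return "OK", f"{PARAM} = {value}"
    return "FAIL", f"{PARAM} = {value}: SAP* would be created with its default password"

def harden_profile(text):
    """Return the profile text with the parameter set to '1' (appended if absent)."""
    pattern = re.compile(r"^[ \t]*" + re.escape(PARAM) + r"[ \t]*=.*$", re.MULTILINE)
    replacement = f"{PARAM} = {HARDENED_VALUE}"
    if pattern.search(text):
        return pattern.sub(replacement, text)
    return text.rstrip("\n") + "\n" + replacement + "\n"

if __name__ == "__main__":
    print(check_sapstar(parse_profile(SAMPLE_PROFILE)))                  # weak setting
    print(check_sapstar(parse_profile(harden_profile(SAMPLE_PROFILE))))  # hardened setting
```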

DefenceMore OCA Capabilities

DefenceMore OCA's P001 control reviews all password-related parameters configured in the system and lists those that are not suitable for secure use. The P005 control checks the passwords assigned to predefined users and lists any accounts still using known default passwords. Additionally, the P002 control prevents commonly used passwords from being assigned to users.

Related Checks

  • P001 Password Parameters Check
  • P005 Standard User Password
  • P002 Password Exception List