This is a guest post from Joris van de Vis @jvis, on his upcoming Troopers talk. Additional credits go to: Robin Vleeschhouwer, and Fred van de Langenberg.
As presented at Troopers this year, ERP-SEC research has uncovered a set of potential default accounts related to the use of SAP Solution Manager. These default accounts might pose a big risk to your SAP supported business as some of them have wide authorisations. It is therefore important to check if they exist in your landscape and change the default passwords.
To check for the existence of the default accounts, please download the SAP transport and import it in a SAP system, for example the Development Solution Manager system. The tooling can perform the check in the local system, but also in remote systems via RFC for the existence of the specific default accounts. The contents of the transport can be checked in your SAP system as the source code is open.
To start the tooling please run SAP transaction ZESEC_SOLMAN_USERS. Make sure to first activate the webservice /sap/bc/webdynpro/sap/ZESEC_CHECK_SOLMAN_USR_PW in transaction SICF.
We would love to hear feedback on the tooling. Furthermore to get better insight in the number of affected customer we would appreciate your message to jvdvis AT erp-sec.com and hear whether default accounts where found or not.
P.S. This free tool is not a demo or a part of Protect4S, our SAP Security add-on. For more details on Protect4S please visit https://protect4s.com.