Symptom
When a logon to the NetWeaver AS ABAP environment (using user name and password) is attempted for a user who is locked due to incorrect logon attempts, the message displayed explicitly states that the user is locked.
This is perceived as a threat because it confirms that the user exists.
Environment
NetWeaver AS ABAP for the below Basis releases and above:
700 All SPs;
710 All SPs;
711 All SPs;
701 All SPs;
702 All SPs;
730 All SPs;
720 All SPs;
731 until SP 07;
740 until SP 02.
Product
Keywords
brute, force, attack, login, parameters, password, locked, disclose, risk, security, concern, KBA, BC-SEC-LGN, Authentication, Product Enhancement
About this page
This is a preview of a SAP Knowledge Base Article.