Symptom
When a logon to the NetWeaver AS ABAP environment with user name and password fails for a user who is locked due to incorrect logon attempts, the message displayed states explicitly that the user is locked.
This is perceived as a threat because the message confirms that the user exists.
Environment
NetWeaver AS ABAP for the below Basis releases and above:
700 All SPs;
710 All SPs;
711 All SPs;
701 All SPs;
702 All SPs;
730 All SPs;
720 All SPs;
731 until SP 07;
740 until SP 02.
Product
Keywords
brute, force, attack, login, parameters, password, locked, disclose, risk, security, concern, KBA, BC-SEC-LGN, Authentication, Product Enhancement
About this page
This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).