Security Note: WD Client Java – logon issue
[client] [client security] [logon] [logon loader] [logon.scr] [Security] [WD]
Symptom
Security Note: A security issue was found in the portal’s WD Java client to run WD Java applications.
If the password for ‘administrator’ is set to ‘abc123′, users of the Web Dynpro Java client may connect unintentionally, in certain system configurations, to the Web Dynpro back end when using the ‘administrator’ account.
Other terms
Security, WD client, Java, WDJ, Web Dynpro, Client, username, password, credentials, SmartClient
Reason and Prerequisites
- NW04s 645 SP05
- NW04s 645 SP06
- NW04s 645 SP07
- NW04s 645 SP08
- NW04s 645 SP09
- NW04s 645 SP10
- NW04s 645 SP11
- NW04s 645 SP12
- NW04s 645 SP13
- NW04s 645 SP14
- NW04s 645 SP15
- NW04s 645 SP16
- NW04s 645 SP17
- NW04s 645 SP18
- NW04s 701 SP00
- NW04s 701 SP01
- NW04s 701 SP02
- NW04s 701 SP03
Solution
Make sure that your ‘administrator’ account uses a strong password and never a commonly used one, such as ‘abc123′, or apply the indicated SPs:
This will be fixed in the following versions:
- NW04s 645 SP19 and above
- NW04s 701 SP04 and above
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}