February 22, 2013

SAP Unknown Default Password for TMSADM


Authors: Dmitry Gutsko, Positive Research
SAP default passwords are nothing new. The top five default passwords are presented in many books and articles on security issues. One would hardly find anything new on this topic.
While carrying out an SAP security audit for a client, we came across an unknown password for the user TMSADM. The password was displayed by the system itself: during the default-account analysis, the well-known report RSUSR003 produced the following results.








The default password for TMSADM — PASSWORD — really is well known, but this is the first time I have seen the password $1Pawd2&. Let's sort it out...
The first thing that comes to mind is to search the Internet. Google gives two references; the SAP website, six. None of them clarifies the matter: the mysterious password mainly turns up in published fragments of ABAP code.


Apparently, we should look for the answers in the code. We open the source code of the report RSUSR003 and have no difficulty finding the message we saw on the screen earlier (message 028).













We also find the default password hashes hard-coded in the program source text. Interestingly, there are two groups of hashes for the user TMSADM: one for the password PASSWORD and another for $1Pawd2&. Here they are (they might be useful for audits, penetration testing etc.).

*  EARLYWATCH
   lc_ewa   TYPE xucode   VALUE '13C810002A147DEE',
   lc_ewb   TYPE xucode   VALUE 'BD5E494D3ECBF5E2',
   lc_ewd   TYPE xucode   VALUE '573822832DF89B9C',
   lc_ewe   TYPE xucode   VALUE 'B3ADDFE95DCD036F',
   lc_ewf1  TYPE hash160x VALUE '924127D88EE3C1820A2C88495EC4825E819C9249',
   lc_ewf2  TYPE hash160x VALUE '760293CCD7AC111298A7AC70D3304242E442320F',
*  CPIC
   lc_cpa   TYPE xucode   VALUE 'FC49DBF6F3FDCF36',
   lc_cpb   TYPE xucode   VALUE '7D806C248F03813D',
   lc_cpd   TYPE xucode   VALUE '35C7AB28316EA22F',
   lc_cpe   TYPE xucode   VALUE '5A5F45726821A147',
   lc_cpf1  TYPE hash160x VALUE '57CF364A7D83FA563025C7BCFFFB3B579DFB23F3',
   lc_cpf2  TYPE hash160x VALUE '38AE55102813F3BBBC3B3BCA09285ED5A9E0423F',
*  DDIC
   lc_dda   TYPE xucode   VALUE '5FA752863FB70BA9',
   lc_ddb   TYPE xucode   VALUE '61D26428640DBAB5',
   lc_ddd   TYPE xucode   VALUE 'DCA44BB71C073A05',
   lc_dde   TYPE xucode   VALUE '08FA7683A46D9AA9',
   lc_ddf   TYPE hash160x VALUE '905F5E6CE67B7C60D0F7BA9C4063AAF0D8602B45',
*  SAP*
   lc_saa   TYPE xucode   VALUE 'C75E6D9600AB5710',
   lc_sab   TYPE xucode   VALUE 'D0BFF4276DA1E208',
   lc_sad   TYPE xucode   VALUE 'A83ECB9EC4D34C08',
   lc_sae   TYPE xucode   VALUE '95984B6A25BA20E9',
   lc_saf   TYPE hash160x VALUE '8948310AF768FA9061598E8F68FD144CE65B7480',
*  TMSADM (PW1)
   lc_tms1a TYPE xucode   VALUE '7671D2F2729F27F0',
   lc_tms1b TYPE xucode   VALUE '942B9DC0F2394D85',
   lc_tms1d TYPE xucode   VALUE '7C6433CE69099272',
   lc_tms1e TYPE xucode   VALUE '940BAB0E12A36DC2',
   lc_tms1  TYPE hash160x VALUE 'C9AA19DA354DC8397D7AC8EA8B4C04DF49CB58FF',
*  TMSADM (PW2)
   lc_tms2a TYPE xucode   VALUE '05CB79BE189802A0',
   lc_tms2b TYPE xucode   VALUE 'B7E2F82C0A3E54C4',
   lc_tms2d TYPE xucode   VALUE '4DD4438D3C19138C',
   lc_tms2e TYPE xucode   VALUE 'D527A90BC0CAF484',
   lc_tms2  TYPE hash160x VALUE 'A6BF38EE57F90B78C8D88A5212BBF1BA9A966ABB'

Note. There are 5 hashes for every account: one for each password hashing algorithm (code version) used in SAP (A, B, D, E, F). Some accounts (CPIC, EARLYWATCH) have two hashes for the F algorithm: one for the password in upper case and one in lower case.
Now we recall that previous versions of the RSUSR003 report contained no information on the Transport Management System user TMSADM. As we can see, there is no such account in the analysis results output.




Apparently, the report has recently been revised, and the new versions contain information on default passwords including the TMSADM password. It was revised, and a new, unknown password appeared. Let's check. We look at the very beginning of the source code: it usually carries a history of the updates and amendments that were made.







The most recent update of the source code is the one that added the user checks. For more information, let's look at the corresponding SAP note (issued a month after the code change, on April 27, 2011).






Everything is confirmed. In early 2011, SAP developers changed the report RSUSR003 and added checks for the user TMSADM with two possible passwords: PASSWORD and $1Pawd2&.

Conclusions we can draw:
  1. While carrying out an SAP security audit, the existence of another default password for TMSADM should be taken into account. Make sure that the password in use differs from both default passwords. (The password $1Pawd2& was discovered on 2 of our test benches, so it can easily be present in your system as well.)
  2. Specialists responsible for the security of their own SAP systems should implement note 1552894 and make sure that the default passwords for the system users have been changed, including the one for the user TMSADM.
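The check behind conclusion 1, as an added example that is not code from the original post nor from SAP's RSUSR003: it compares stored hashes against the default-password hash table quoted above (all five code versions, both TMSADM entries) to flag accounts still on a default. Assumed: records come from an export of table USR02 with its fields BNAME, BCODE (code versions A/B/D/E, 16 hex chars) and PASSCODE (code version F, 40 hex chars); the sample extract is constructed.

```python
"""Flag SAP accounts whose stored password hash equals a known default.

Added example for the post above; neither the post's nor SAP's RSUSR003
code. Hash constants are copied from the RSUSR003 fragment quoted in the
post. Input records are assumed to be an export of table USR02 using its
fields BNAME, BCODE (A/B/D/E hashes) and PASSCODE (F hashes).
"""

BCODE_VERSIONS = "ABDE"  # order of the four BCODE hashes in each entry

# user -> list of (label, [A, B, D, E hashes], [F hashes]).
# TMSADM has two entries, PW1 and PW2: the post names the passwords
# PASSWORD and $1Pawd2& in that order. EARLYWATCH and CPIC carry two
# F hashes each because code version F is case-sensitive (upper/lower).
DEFAULT_HASHES = {
    "EARLYWATCH": [("default",
        ["13C810002A147DEE", "BD5E494D3ECBF5E2", "573822832DF89B9C", "B3ADDFE95DCD036F"],
        ["924127D88EE3C1820A2C88495EC4825E819C9249", "760293CCD7AC111298A7AC70D3304242E442320F"])],
    "CPIC": [("default",
        ["FC49DBF6F3FDCF36", "7D806C248F03813D", "35C7AB28316EA22F", "5A5F45726821A147"],
        ["57CF364A7D83FA563025C7BCFFFB3B579DFB23F3", "38AE55102813F3BBBC3B3BCA09285ED5A9E0423F"])],
    "DDIC": [("default",
        ["5FA752863FB70BA9", "61D26428640DBAB5", "DCA44BB71C073A05", "08FA7683A46D9AA9"],
        ["905F5E6CE67B7C60D0F7BA9C4063AAF0D8602B45"])],
    "SAP*": [("default",
        ["C75E6D9600AB5710", "D0BFF4276DA1E208", "A83ECB9EC4D34C08", "95984B6A25BA20E9"],
        ["8948310AF768FA9061598E8F68FD144CE65B7480"])],
    "TMSADM": [
        ("PW1",
         ["7671D2F2729F27F0", "942B9DC0F2394D85", "7C6433CE69099272", "940BAB0E12A36DC2"],
         ["C9AA19DA354DC8397D7AC8EA8B4C04DF49CB58FF"]),
        ("PW2",
         ["05CB79BE189802A0", "B7E2F82C0A3E54C4", "4DD4438D3C19138C", "D527A90BC0CAF484"],
         ["A6BF38EE57F90B78C8D88A5212BBF1BA9A966ABB"]),
    ],
}


def check_user(user, bcode, passcode):
    """Return findings such as 'PW2 via code version F'; empty list if clean.

    Both columns are compared regardless of CODVN: an older BCODE hash can
    still sit beside a newer PASSCODE hash, and either one is enough to
    reveal a default password.
    """
    findings = []
    bcode, passcode = bcode.strip().upper(), passcode.strip().upper()
    for label, abde_hashes, f_hashes in DEFAULT_HASHES.get(user.upper(), []):
        for version, known in zip(BCODE_VERSIONS, abde_hashes):
            if bcode and bcode == known:
                findings.append(f"{label} via code version {version}")
        if passcode and passcode in f_hashes:
            findings.append(f"{label} via code version F")
    return findings


def audit(records):
    """records: iterable of dicts keyed BNAME, BCODE, PASSCODE (USR02 names)."""
    report = {}
    for rec in records:
        hits = check_user(rec["BNAME"], rec.get("BCODE", ""), rec.get("PASSCODE", ""))
        if hits:
            report[rec["BNAME"]] = hits
    return report


# Constructed sample extract: TMSADM still on the second default (PW2 hash
# in both columns), DDIC on its default via the old B hash only, and a
# dialog user with made-up, non-default hashes.
SAMPLE_USR02 = [
    {"BNAME": "TMSADM", "BCODE": "05CB79BE189802A0",
     "PASSCODE": "A6BF38EE57F90B78C8D88A5212BBF1BA9A966ABB"},
    {"BNAME": "DDIC", "BCODE": "61D26428640DBAB5", "PASSCODE": ""},
    {"BNAME": "JDOE", "BCODE": "0000000000000000", "PASSCODE": "0" * 40},
]

if __name__ == "__main__":
    for user, hits in audit(SAMPLE_USR02).items():
        print(f"{user}: default password detected ({', '.join(hits)})")
```

Run against the sample, it reports TMSADM (PW2 via A and F) and DDIC (default via B) and stays silent on JDOE.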

314 comments:

  5. We have two domains. Domain A has 3 systems, and domain B has 4 systems. We would like to link both domains. Domain A has the version 7.31 and domain B has version 701. If I use a new standard password in domain A it doesn't work because they have different versions, so we have to program it with the old password so that we don't have any problem.

    In domain A the user password TMSADM is standard and I would like to change it. Is there any way to program an own password in domain A while keeping the old password in domain B so that everything works correctly? If this is not an option, is there any way to program an own password in domain A and another own password in domain B, and have them work properly when linked? If any of these options is possible, I would be grateful if you would explain how I could do it.

    Thank you.
