Former Member

SAP lock out all users

I was wondering: if someone wrote a simple script that attempted to connect to SAP 4 times for each user in the system, would they then be able to lock out every user in the system?

I thought of this because I am writing a web service, and obviously the first step is connecting with the proper credentials.

The immediate remedy is clear: Basis would have to reset all users. I was just wondering if there would possibly be a way to block this. It seems like a really simple way for a nefarious person to take down the system. Perhaps the IP could be locked from connecting after too many attempts?


1 Answer

  • Best Answer
    Mar 27, 2017 at 06:08 PM

    Hello Jacob,

    Wouldn't you need a list of valid users first? Otherwise, you would have to guess the usernames, which would decrease the success rate of such an attack considerably.

    Cheers!

    Isaías


    • Hello Jacob,

      This is an interesting question.

      I am not aware of a protection mechanism that would tackle such an attack...

      Maybe someone else on the community can comment on this.

      I'll also update this question if I find something.

      Cheers!

      Isaías
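
The per-source idea raised in the question can be sketched as detection logic. This is an added example, not part of the original thread and not an SAP feature: it flags a source address whose failed logons span many distinct accounts within a short window, which separates a lockout sweep from one user mistyping a password. The thresholds, function name and log tuples are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical thresholds chosen for this example; not SAP profile parameters.
WINDOW_SECONDS = 300     # sliding window per source address
MAX_DISTINCT_USERS = 3   # distinct accounts one source may fail against

def find_sweeping_sources(events, window=WINDOW_SECONDS,
                          max_users=MAX_DISTINCT_USERS):
    """events: time-sorted (epoch_seconds, source_ip, username) tuples,
    one per FAILED logon. Returns {source_ip: time the threshold was crossed}.
    A source is flagged when its failures inside the window touch more than
    max_users distinct accounts, so it can be throttled or blocked at the
    gateway before every account reaches its lock threshold."""
    recent = defaultdict(list)   # source -> [(ts, user)] still in the window
    flagged = {}
    for ts, src, user in events:
        bucket = recent[src]
        bucket.append((ts, user))
        # Expire failures that fell out of the sliding window.
        while bucket and bucket[0][0] <= ts - window:
            bucket.pop(0)
        distinct = {u for _, u in bucket}
        if len(distinct) > max_users and src not in flagged:
            flagged[src] = ts
    return flagged

# Constructed sample data (documentation address ranges, made-up user names).
SAMPLE = [
    (1000, "198.51.100.5", "ALICE"),
    (1010, "198.51.100.5", "ALICE"),
    (1020, "198.51.100.5", "ALICE"),
    (1030, "198.51.100.5", "ALICE"),  # one user, 4 typos: not a sweep
    (2000, "192.0.2.77", "ALICE"),
    (2001, "192.0.2.77", "BOB"),
    (2002, "192.0.2.77", "CAROL"),
    (2003, "192.0.2.77", "DAVE"),     # fourth distinct account: flagged here
    (2004, "192.0.2.77", "ERIN"),
]

if __name__ == "__main__":
    for src, ts in find_sweeping_sources(SAMPLE).items():
        print(f"{src} exceeded the distinct-account limit at t={ts}")
```

Counting distinct accounts rather than raw failures keeps a single user who forgets a password from tripping the rule, while a sweep is caught after only a handful of accounts have been touched.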