2007 Mar 24 2:54 PM
On my laptop sandbox, I can see the password in table usr02 but
in an encrypted form.
Could you tell me how to decode the password?
Thanks and points.
2007 Apr 03 3:12 PM
There is no direct way to retrieve the password.
If you are using ECC or in a CUA environment, try using SCUL and run the report for the user making sure you choose all the possible changes made to the user. The password must be displayed in hex format [I think]. You could probably use a decoding algorithm to try retrieving the password.
Hope this helps
2007 Mar 24 3:22 PM
Hi Jennifer,
no I can't and nobody else should be able to do so because the system stores a user password as a hash value.
If I or anyone could tell you how to decrypt this hash value we wouldn't have a safe platform :-).
Best regards,
André
2007 Mar 24 6:23 PM
As already confirmed i too think this is no way possible to decode this password .. the security authentication converts it into a encrypted format and stores it safely...
Br,
Sri
2007 Mar 26 7:19 AM
Hi jennifer,
Nope it is not possible to decode a password. The only way is to ask your administrator to change the password.
Hope it helps.
Please award points if it is useful.
Thanks & Regards,
Santosh
2007 Mar 26 4:34 PM
What are your objectives for wanting to decrypt the passwords? There are probably other ways to achieve your objectives..?
-PS there is no way to decrypt passwords as the algorithm used only allows for one-way encryption. Even the SAP system is not able to do it. The SAP system can only determine that an entered password is correct by encrypting the entered password and comparing the encrypted hash to the stored hash. The system also has other controls over brute force password attacks.
2007 Mar 30 4:08 PM
I can give you a little bit of information but I can not tell you how to do it. In older versions, SAP encrypts its passwords in a modified MD5 encryption with part of the userID as a salt. The newer versions also use MD5 but they also support SHA-1 encryption. This is about all I can tell you. Hope this helps. You can also do a search on google and get bits of information. I have heard that someone has been able to decrypt the password and I am sure someone out their knows how.
2007 Apr 02 1:41 PM
Hi,
you can not decrypt or decode the password, as passwords in the SAP system are stored as a hash and a hash is a one way function only (independent whether this is MD5 or SHA-1). <a href="http://en.wikipedia.org/wiki/Hash_function">See wikipedia for more details about hashes</a>. So the system can only check whether the password is correct or not (the system will compute the hash value for the password you gave him and compare it with the stored one). For details about which method is used when, please have a look at
<a href="http://help.sap.com/saphelp_erp2005vp/helpdata/en/52/6717ed439b11d1896f0000e8322d00/frameset.htm">the online help</a>.
However you can crakc passwords, either by brute force, meaning just generating random passwords or based on a dictionary and then have the system try them. However this will take time and you need to develop something first to interact with the system.
Regards,
Patrick
2007 Apr 03 3:12 PM
There is no direct way to retrieve the password.
If you are using ECC or in a CUA environment, try using SCUL and run the report for the user making sure you choose all the possible changes made to the user. The password must be displayed in hex format [I think]. You could probably use a decoding algorithm to try retrieving the password.
Hope this helps
2007 Apr 03 3:51 PM
Hi,
please read my post above. There is NO way to DECODE a users password, only to guess it in some way (this includes dictionary and brute force attacks).
BTW: I would guess, that you won't even see the password hash in SCUL, except for the one for the initial creation of a user.
regards,
Patrick