Applications

Expand all | Collapse all

ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

  • 1.  ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

    Posted 05-28-2020 18:03

    ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

     Password controls 101… when setting up a new user or resetting a password for an existing user, the system does NOT require the User to change their password.  This is either a bug or a major design flaw.  When a user is set up or a password changed by a help desk user or security administrator, typically they provide that password to the user.  The user, when logging in, normally MUST change their password.  This would be considered a best practice in the design.

     In this video, we will demonstrate a new user being set up, then we'll log in as that user.  We'll see that the system does NOT require them to change their password upon login.

     We will log this as a bug / enhancement request and keep you updated as we receive a response from Oracle.

     Check out our video this topic here:

    https://www.linkedin.com/posts/erp-risk-advisors_erparmor-erpriskadvisors-erpcloud-activity-6671886998481059840-1pU7

     #ERPArmor #ERPRiskAdvisors #ERPCloud #OracleCloud



    ------------------------------
    Jeff Hare CPA CIA CISA
    CEO
    ERP Risk Advisors
    Greeley CO
    (970) 324-1450
    ------------------------------


  • 2.  RE: ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

    Posted 05-29-2020 13:43
    Thank you for sharing this.  Please keep us updated on the SR#.  I was also wondering if we are federating with AD, is it still an issue?​

    ------------------------------
    Michelle Sanford
    Director Enterprise Applications
    Hanger Orthopedic Group
    Austin TX
    -
    ------------------------------



  • 3.  RE: ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

    Posted 05-29-2020 15:40
    Michelle,

    We don't have access to an environment where SSO / AD is integrated so we can't test it.  Would you mind testing it in your environment and letting us know what you find out.

    Jeff

    ------------------------------
    Jeff Hare CPA CIA CISA
    CEO
    ERP Risk Advisors
    Greeley CO
    (970) 324-1450
    ------------------------------



  • 4.  RE: ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

    OATUG Forum Speaker
    Posted 06-23-2020 19:04
    Hi Michelle, can we get in touch?

    ------------------------------
    Geert Mouwen
    Managing Consultant Presales
    APRO Software Solutions
    Austin TX
    (650) 245-
    ------------------------------



  • 5.  RE: ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

    Board Officer
    Posted 05-31-2020 09:23
    We never send a password to a new user. All users set (or reset) their password using the self-service tool, clicking on the "password assistance" link on the logon page, entering their user id, and then setting or resetting their password from email associated with their user id.

    ------------------------------
    Andy Farber
    Associate Director, Financial Systems
    Consumer Reports
    Yonkers NY
    afarber@consumer.org
    ------------------------------



  • 6.  RE: ERP Cloud: Major Bug or Design Flaw Related to Setting Initial Passwords or Resetting Passwords

    GEO Leader
    Posted 06-01-2020 10:25
    I would agree your process is the best choice.  At the same time, the system permits creating the password by one user and not requiring the other user (account holder) to update the password on login.  I believe this is a gap that should be corrected.

    ------------------------------
    Talbott Jones
    Senior Consultant
    ERP Risk Advisors
    Greeley CO
    (757) 969-0020
    ------------------------------