Category: Security

  • How PeopleSoft uses SSL when acting as the Client

    Previously, I wrote about SSL and how Weblogic utilizes it from a server perspective.  This article provides a follow-up analysis from a client perspective, the client being the PeopleSoft system.  We will look at a few examples of different client uses in PeopleSoft and how we can control the protocol used.

  • SSL and Weblogic

    As previously mentioned, I was doing an analysis of how PeopleSoft and Weblogic utilize SSL which was spawned by the announcement of POODLE.  I’m going to review my findings for Weblogic 10.3.6.x and then duplicate the analysis to see if anything is changed with Weblogic 12.1.2.  Weblogic 10.3.6.x is supported for any PeopleTools 8.50 –…

  • PeopleSoft and POODLE

    POODLE has been a fairly common topic with security teams recently since Google announced the vulnerability. There is plenty of reading available on the POODLE attack, so I’m not going to go into too much detail, but I’ll give a short description.  POODLE is a man-in-the-middle attack which uses an attacker’s ability to force the…

  • PeopleSoft Timeout Problems in 8.50 – 8.52

    There have been several PeopleSoft Timeout problems that have impacted various levels of 8.50, 8.51, and 8.52.  Indications are all these problems are fixed now.  According to Oracle, the code has also been fixed in 8.50.25, 8.51.17, 8.52.07, and 8.53.  I’m sure a new problem will pop up at some point though. The first problem…

  • Why you should have different local node passwords

    I was doing an assessment of a PeopleSoft installation recently when I noticed that the node passwords were the same across all environments of the same application type. While this might not seem like it is a big deal, it can open up a production environment to unauthorized access or accidental data entry. If this…