Microsoft Dynamics GP "Encryption" Ceasar Cipher

Slashdot

+ - Microsoft Dynamics GP "Encryption" Ceasar Cipher-> 1

Submitted by scribblej on Friday May 21, 2010 @10:26AM

scribblej writes "Many large companies use Microsoft's Dynamics GP product for accounting, and many of these companies use it to store credit card numbers for billing customers. Turns out these numbers (and anything else in GP) are encrypted only by means of a simple substitution cipher. This includes the master system password, which can be easily selected and decrypted from the GP database by /any/ user.

"...you DON'T HAVE TO GIVE ACCESS TO THE DYNAMICS DATABASE. What that means is if you create a base user in GP, that user can log into the SQL server and run a select statement on the table containing the "encrypted" GP System password...""
Link to Original Source

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Microsoft Dynamics GP "Encryption" Ceasar Cipher

Load All Comments

Search 1 Comments Log In/Create an Account

Comments Filter:

Never seen an ERP before? (Score:1)

by PopBus (959675) writes:

..Apparently you're new to the whole ERP system thing.. A few pointers: 1. The system password uses weak encryption because it is a weak security measure and isn't meant to secure sensitive parts of the system. 2. Very little data is encrypted at all in the database, as is the case with most ERPs. This is because such encryption would be impractical for systems that are by their very nature "open" to third party developers.. Dynamics GP itself has thousands of third-party add-ons that access the databas

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Will this never-ending series of PLEASURABLE EVENTS never cease?

Microsoft Dynamics GP "Encryption" Ceasar Cipher More Login

Microsoft Dynamics GP "Encryption" Ceasar Cipher

Never seen an ERP before? (Score:1)