This note describes a security risk in connection with GRMG scenario customizing files and a work-around for ensuring complete security with respect to sensitive password data in GRMG scenario customizing files.

The CCMS GRMG (Generic Request and Message Generator) tests the availability of web components, such as NetWeaver 04 ABAP and J2EE engines, software components running on these engines, and SAP or non-SAP web services.

GRMG monitors ‘scenarios’ in GRMG terminology, where a scenario identifies the URL of the monitored web service and packages properties required for logon to the web service and for performing tests of functionality at the monitored service. Among these properties may be passwords, either for the logon to the web service or for logons to other components, such a shops, in the course of availability testing at the web service.

GRMG scenarios are defined in XML documents which are uploaded into the CCMS monitoring system, an ABAP engine at Release 6.40 (NW04) or Release 6.20.  GRMG scenario customizing typically is stored as an XML file, whereby the file may be created directly by the customer or may be generated by the SAP Visual Administrator (SAP J2EE Engine), the SAP Extended Configuration Manager (XCM, SAP CRM) or by some other tool.

GRMG customizing files are stored for upload into the monitoring ABAP system in a well-defined directory on the host at which a web service is running. It is with respect to GRMG customizing files in the GRMG upload directory that a security risk exists.

Access to the GRMG upload directory in which GRMG scenario customizing files are stored is naturally restricted.  No normal user should have logon access to the host on which an SAP engine or other production web service is running. And only certain administrive users (for Visual Admin, for XCM, the user under which a CCMS agent is running) should have access to the GRMG directory itself. Nevertheless, if passwords have been entered as properties in the GRMG customizing XML files, then these passwords are stored in unencrypted form in the GRMG customizing files in the GRMG upload directory. This is the security risk discussed in this note.