Registration Template Access Codes Can Be Reused Multiple Times Creating A Security Risk (Doc ID 2069413.1)

Last updated on JUNE 12, 2017

Applies to:

PeopleSoft Enterprise SCM Purchasing - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.

Symptoms

---------------
Registration Template Access Codes can be reused multiple times creating a security risk

Using the Supplier Registration functionality in it's current state presents a significant security risk because the Access Codes are not designed to be single use codes which means that two or more companies can have the same login credentials to the Supplier Registration via the Supplier Portal AND there is no way to restrict additional unintended companies from receiving forwarded invitation emails and nothing to systematically prohibit them from submitting an online Supplier Registration application. These are MAJOR security risk to anyone who chooses to implement this functionality. There needs to be two major alterations to this process:

1. The Access Codes should be unique values assigned to each invitee supplier (or bidder) at the line level (not an invitation header attribute).
2. Once a registration application is submitted the Access Code associated with the registration form can never be reused to register another business.

Without these modifications sending supplier registrations out via the Internet creates a fairly large security risk. This needs to be addressed immediately to make this functionality viable.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms