Oracle PeopleSoft applications are quite complex and consist of many components, so their security is not a simple thing. While there is almost no research on PS security, successful attacks against such systems happen from time to time. That’s why we decided to start series of articles about some aspects of PS security.
Last Wednesday Harvard University announced that on June 19 an intrusion on Faculty of Arts and Sciences and Central Administration information technology networks was discovered. According to the announcement on Harvard website, this breach affected eight different schools and thought to have exposed students’ log-in credentials. University IT staff denied that any personal data or information from internal email system had been exposed.
TokenChpoken attack on Oracle PeopleSoft affecting nearly half of large enterprises and government organizations
Palo Alto, CA – June 29, 2015 ERPScan Research department specializing in SAP and Oracle applications security has published the results of the recent research on public-facing Oracle PeopleSoft applications and their vulnerabilities. These applications are usually used by Fortune 500 companies and government organizations. Almost 50% of companies using Oracle PeopleSoft HRMS system are vulnerable. More than 200 of them can be attacked via the internet. In the list of those companies, there are 18 companies from Fortune 500 and 25 companies included in Forbes 2000 World’s Biggest Public Companies.