Nodes with No Password
Categories:
- Target Database: —
- Context Type: —
- Alert Severity: —
- Triggered Time: —
- Firing Context:
—
Nodes with No Password Report
Report ID: security-nodes-no-password
Category: Security
Purpose
This report identifies active PeopleSoft message nodes that have no authentication configured or have authentication enabled but no passwords set. Anything on the network can post messages to these nodes.
What It Detects
The report categorizes problem nodes into three severity levels:
CRITICAL — Active Nodes with No Authentication
Active nodes where AUTHOPTN = 'N' (None). Any external system can communicate with these nodes without providing any credentials.
WARNING — Active Nodes with Auth but No Passwords
Active nodes that have an authentication option configured (AUTHOPTN is P, C, or T) but neither the internal password (IBPASSWORD) nor external password (IBEXTERNALPWD) fields contain a value.
INFO — Inactive Nodes with No Authentication
Nodes that are currently inactive (ACTIVE_NODE = '0') but have no authentication. While not an immediate risk, these would become vulnerable if reactivated.
Table Queried
PSMSGNODEDEFN — Message Node Definitions
The primary record for PeopleSoft Integration Broker message nodes.
| Field | Description | Values |
|---|---|---|
| MSGNODENAME | Node name (primary key) | |
| ACTIVE_NODE | Whether the node is active | 1 = Active, 0 = Inactive |
| AUTHOPTN | Authentication option | N = None, P = Password, C = Certificate, T = Token |
| IBPASSWORD | Internal password | Non-empty means password is set |
| IBEXTERNALPWD | External password | Non-empty means password is set |
| USERID | PeopleSoft user ID associated with the node | |
| CONNID | Connector ID | e.g., HTTPTARGET, JMSTARGET |
| NODE_TYPE | Node type | |
| DESCR | Description | |
| LASTUPDOPRID | Last updated by operator | |
| LASTUPDDTTM | Last updated timestamp |
Data Flow
1. Fetch ALL message nodes from PSMSGNODEDEFN
via SearchNodes (batches of 300)
|
v
2. Categorize each node:
- Is it active? (ACTIVE_NODE == "1")
- What is its auth option? (AUTHOPTN)
- Does it have any password? (IBPASSWORD or IBEXTERNALPWD)
|
v
3. Sort into three buckets:
CRITICAL: Active + AuthOptn == "N"
WARNING: Active + AuthOptn != "N" + no passwords
INFO: Inactive + AuthOptn == "N"
|
v
4. Generate Markdown report grouped by severity
Categorization Logic
The report uses these helper methods on each node record:
| Method | Logic |
|---|---|
IsActive() | Returns true if ACTIVE_NODE == "1" |
HasInternalPassword() | Returns true if IBPASSWORD is non-empty |
HasExternalPassword() | Returns true if IBEXTERNALPWD is non-empty |
HasAnyPassword() | Returns true if either internal or external password is set |
Report Output
The generated report contains:
- Header with database name and generation timestamp
- Summary with total node counts, active count, and counts per severity category
- CRITICAL section (if any): Table with node name, description, node type, connector, user ID, last updated by/when
- WARNING section (if any): Table with node name, description, auth option label, internal/external password status (Set/Not Set), user ID, last updated
- INFO section (if any): Table with inactive node name, description, node type, last updated by/when
- Recommendations based on which severity categories have findings
Parameters
This report has no configurable parameters.
Interpreting Results
- CRITICAL findings require immediate action. Active nodes with no authentication mean any system on the network can send messages without credentials.
- WARNING findings should be investigated. Authentication is configured but credentials may not be properly set, rendering the authentication ineffective.
- INFO findings are lower priority but represent latent risk. If these nodes are ever reactivated, they would immediately become vulnerable.
Authentication Option Reference
| Value | Label | Description |
|---|---|---|
| N | None | No authentication required |
| P | Password | Password-based authentication |
| C | Certificate | Certificate-based authentication |
| T | Token | Token-based authentication |
Recommendations
- Immediately configure authentication on active nodes with
AUTHOPTN='N' - Set
AUTHOPTNto P (Password) or C (Certificate) and configure credentials - Set internal or external passwords on nodes that have auth enabled but no credentials