Summary
If the IPS default "SuperUser" account is "Enabled", then when ANY user with the SuperUser access level changes an account password, the SMS uses the default "SuperUser" account to modify the password, as indicated in the logs;
Details
| Number | Time | User | Host | SessionID | Operation | Status |
| 118,708 | 4/17/12 2:15:37 PM CDT | SuperUser | 127.0.0.1 | 0 | Set pwd.user-pwd=******** | success |
| 118,707 | 4/17/12 2:15:01 PM CDT | marktest | 16.85.42.159 | 6 | Modify user jmeuse | success |
If on the other hand, the default "SuperUser” account is "Disabled", then when ANY user with the SuperUser access level changes an account password, the SMS uses that logged-in user to modify the password and the "Set pwd.user-pwd-*******" is not logged in the audit log;
| Number | Time | User | Host | Session ID | Operation | Status |
| 118,709 | 4/17/12 2:15:37 PM CDT | marktest | 16.85.42.159 | 6 | Modify user jmeuse | success |
This issue is present on SMS 3.2.x and below. SMS v3.3.0 and above does not display alert in the audit logs. In addition, the SMS is not affected when the default "SuperUser" account is disabled.
Test Now
