PeopleSoft Integration Broker exploit

We had an incident recently involving integration broker(IB) node on production environment getting updated without performing modification on both online and the IBconfig.properties file. I’m not sure if other user encountered similar issue but i would say it can actually occur if you are maintaining multiple peoplesoft environment and has something to do with how Peoplesoft maintains the IB node configuration.

To recreate the issue/scenario encountered, you can perform the following steps:
1. you will need 2 peoplesoft environment. one to perform the change(source) and another which you want to keep intact(target).

2. login to source and navigate to IB Gateway configuration page. update or create a new Gateway using the target url as the Gateway properties. Save changes.

3. again on the source, navigate to the IB node configuration and perform changes on the IB node. First, ensure that the IB node is using the Gateway that was updated or created in step 2. Then update the IB node configuration by adding additional appserver, etc. Save and ping the IB node.

5. Finally, login to your target environment and verify if there are any changes in the IB node settings.

While updating IB node requires password to be provided, it is important to note that IB node is connected to the Gateway properties. Any update to the IB node which uses the gateway will reflect on the target environment instead of the source.

While this can be avoided by ensuring that the Gateway/IB node setup are not shared across multiple environment unless required as part of integration. I can see similar issue occurring specially around database refreshes/cloning.

Advertisements