PeopleSoft 5.0 contains several security weaknesses, according to an article by Barb Cole in the 6 November issue of Network World. The problems include storing unencrypted passwords on users' desktops in Windows memory, passing unencrypted passwords over the network, and storing a master identification providing access to advanced network privileges on Windows clients where it could be found by hackers. PeopleSoft, described as the No. 3 vendor of client/server applications, provides a suite of pre-built financial, distribution, and human resources applications. The flaws were reported earlier by First Albany Corp.-META Technology Research, according to Network World. Patches to reduce the vulnerability of passwords stored on the client side are included in PeopleSoft 5.0.1, now available. Changes planned for early 1996 will encrypt passwords sent over networks.

A subsequent article by Ilan Greenberg in the 13 November issue of INFOWORLD reported that the 5.0.1 release indeed solves this particular problem. The article reports that PeopleSoft plans to incorporate Open Horizon, Inc.'s desktop security technology (including Connection Security Module, for better encryption and authentication of passwords), directly into PeopleSoft's applications by next March. Representatives of competing products from Oracle and Hyperion Software Corp. said their products were not subject to the kinds of security holes that had troubled the PeopleSoft product, according to INFOWORLD.