
Re: How to restrict user logon with Incorrect Password lock(Lock Status:128) using SSO??


Hi Karthik,

 

I just tried it on a 740 system here and it did work. I first tried to use a wrong password and then logged in using SSO. I got a message saying one illegal password attempt. This works with ABAP systems starting with 7.31 (latest by SP8) for form based authentication (web based access) as well as for SAP-GUI.

I do not know what ARA is, however the SAP system clearly differentiates between account locked and password locked on the UI level as well as within the data stored in the database (just double checked it on a 7.02 system). You can see this when looking up the user in SU01 on the tab Logon data. For a user with too many incorrect logon attempts, the message is shown in the password box, stating there have been 'too many incorrect attempts' to log in. For account locked, the text is shown above the password box and simply reads 'User is locked'.

I would suggest fixing your reports to only report the users where the lock is set according to your requirements (I'd guess this is the account lock). At this point I also do not see why this could be a security issue.

For the note 1817405, the reported issue had been the ability for a user to log in, even though the password change failed. This is not possible for ABAP. You either have to set a new one or disable your password. So the fix as mentioned in the note referenced is not required here.

 

Regards,

 

Patrick

