Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

 Subscribe me to your mailing list

[ERPSCAN-16-023] Potential backdoor via hardcoded system ID

Application: SAP NetWeaver AS ABAP
Vendor URL: http://sap.com
Bugs: Hardcoded credentials
Reported: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 10.05.2016
Reference: SAP Security Note 2292487
Author: Vahagn Vardanyan(ERPScan)

VULNERABILITY INFORMATION

Class: Hardcoded credentials
Impact: If access is allowed on the system with a particular system ID, it could be a backdoor left by developers or this is debug code.
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information
CVSS Base Score v3: 3.1 / 10
CVSS Base Vector:

AV : Attack Vector (Related exploit range) Network (N)
AC : Attack Complexity (Required attack complexity) High (H)
PR : Privileges Required (Level of privileges needed to exploit) High (H)
UI : User Interaction (Required user participation) Required (R)
S : Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C : Impact to Confidentiality None (N)
I : Impact to Integrity Low (L)
A : Impact to Availability Low (L)

Business risk

An attacker can use hardcoded data to get unauthorized access and perform various actions in the system. In addition, it is likely that the code will be implemented into the system as a backdoor.

VULNERABILITY DESCRIPTION

Some functionality in the test environment of code page conversion tool contains code with hard-coded system ID.

VULNERABLE PACKAGES

SAP ABAP BASIS 7.4
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2292487

TECHNICAL DESCRIPTION

Proof of Concept