Here are the slides from DEEPSEC 2010 held in Vienna, where ERPScan experts gave new information about sapgui security.
Author: Alexander Polyakov
Alexander talk was about the possible ways of getting unauthorized access to corporate SAP servers through the SAP Frontend vulnerabilities and misconfigurations with new examples of attacks.
This presentation covers some new possibilities of gaining cleartext passwords from user workstations. Also first statistics from ERPSCAN Online was presented at the conference. Only 30% of users use patched SAPGUI applications.SAP SECURITY - Attacking SAP users with sapsploit eXtended 1.1 (DEEPSEC).pdf