SAP security topic gathers pace at the hacker conferences. Thus, at the recent 44con conference employees of Sensepost Company turned to the questions of SAP client applications' security, continuing previously started researches of ERPScan researchers.
Sensepost employees made a presentation, where they showed a dissection of algorithm of data compression of DIAG protocol, which is used for data transmission between SAP client and server. Theoretical possibility of data decompression was known in narrow group of people for a long time, but practical examples, except for interception of passwords, were not available for public use. Sensepost specialists published two utilities, allowing fully intercepting, decompressing and modifying client-server requests very fast, thereby opening the ways for different MITM attacks. The second utility works as Proxy and created mostly for the searching for new vulnerabilities, and allows modifying requests for client and server and searching for new vulnerabilities in handling by fuzzing method.
So, it is possible that in the nearest future in the presence of such a powerful tool the amount of new vulnerabilities in SAP can significantly grow.
Continuing topic about security of SAP client applications, we remind that there is a free service online.erpscan.com, developed by the ERPScan experts and allowing checking SAP Frontend on presence of the latest vulnerabilities.