Computer Security
[EN] securityvulns.ru no-pyccku


SAP Router timing attacks information leakage
Published:04.05.2014
Source:
SecurityVulns ID:13721
Type:remote
Threat Level:
5/10
Description:It's possible to find a valid password via statistical attacks.
Affected:SAP : SAP Router 721
CVE:CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtrain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.)
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2014-0003] - SAP Router Password Timing Attack (04.05.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod