Published: 17/04/2014 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and previous versions terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote malicious users to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap router 721
sap router 720
sap router 710

Core Security - Corelabs Advisory corelabscoresecuritycom/ SAP Router Password Timing Attack 1 *Advisory Information* Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: wwwcoresecuritycom/advisories/sap-router-password-timing-attack Date published: 2014-04-15 Date of last update: 2014-03-06 Ven ...

CWE-264 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/advisories/sap-router-password-timing-attack https://service.sap.com/sap/support/notes/1986895 http://www.exploit-db.com/exploits/32919 http://www.securityfocus.com/archive/1/531854/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/32919/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0984

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect