Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1428526-5)
SAP Support Packages
(SAPKY31027, SAPKY40022, SAPKY41020, SAPKY50018, SAPKY51014, SAPKY70006)
Описание
Hard-coded user names (Backdoor)
The program code contains a hard-coded username which changes the system's behavior should a user authenticate successfully. The username was hard coded in the include file /SAPAPO/LRET_SURFACE_RPF77 which is not compliant with security standard.
The program code contains a hard-coded username which changes the system's behavior should a user authenticate successfully. The username was hard coded in the include file /SAPAPO/LRET_SURFACE_RPF77 which is not compliant with security standard.
Как исправить
Please implement the note and make the corrections accordingly
Ссылки