Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1395921-2)
SAP Support Packages
(SAPKA70205, SAPKA71010, SAPKA71105, SAPKA72002)
Описание
The program code contains a hard-coded username which changes the system's behaviour should a user authenticate successfully. The user may obtain additional information which should not be displayed. The vulnerability is caused by a hard-coded username-password combination in the program#s source code. A malicious user who specifies these credentials can log into the system without having been assigned legitimate access by the system administrator(s). In case a user already privileges to log in with, an Escalation of Privileges may be possible if the hard-coded account has higher access rights than the original user.
Как исправить
The hard coded user name is removed from the application logic.
Ссылки