• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1579478 - Hard-coded credentials in BC-MOB-MI-SER

Главная Специалистам База уязвимостей Note 1579478 - Hard-coded credentials in BC-MOB-MI-SER

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1579478-1) SAP Support Packages (SAPKA64028, SAPKB70025, SAPKB70110, SAPKB70209)
Описание
The program code contains a hard-coded username which changes the  systems behaviour should a user authenticate successfully. The user may  obtain additional information which should not be displayed.The vulnerability is caused by a hard-coded username-password  com-bination in the program source code. A malicious user who specifies  these credentials can log into the system without having been assigned  legitimate access by the system administrator(s). In case a user already  privileges to log in with, an Escalation of Privileges may be possible  if the hard-coded account has higher access rights than the original user.
Как исправить
The note carries the required correction
Ссылки