Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1579478-1)
SAP Support Packages
(SAPKA64028, SAPKB70025, SAPKB70110, SAPKB70209)
Описание
The program code contains a hard-coded username which changes the systems behaviour should a user authenticate successfully. The user may obtain additional information which should not be displayed.The vulnerability is caused by a hard-coded username-password com-bination in the program source code. A malicious user who specifies these credentials can log into the system without having been assigned legitimate access by the system administrator(s). In case a user already privileges to log in with, an Escalation of Privileges may be possible if the hard-coded account has higher access rights than the original user.
Как исправить
The note carries the required correction
Ссылки