CVE-2020-26834 Improper authentication in SAP HANA database, SAP security note 2978768

Description

The SAP HANA database does not correctly validate the user name when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated user name for whom the SAML bearer token was issued.

Available fix and Supported packages

HDB | 1.00 | 1.00
HDB | 2.00 | 2.00
SAP HANA DATABASE 1.00 | SP122 | 000033
SAP HANA DATABASE 2.0 | SP048 | 000003
SAP HANA DATABASE 2.0 | SP053 | 000000

Affected component

CVSS

Score: 4.2
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2978768

Vahagn Vardanian

CVE-2020-26834 Improper authentication in SAP HANA database, SAP security note 2978768

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Broken-Authentication
#&160-CVE-2020-26834

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Vahagn Vardanian

CVE-2020-26834 Improper authentication in SAP HANA database, SAP security note 2978768

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Broken-Authentication#&160-CVE-2020-26834

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Special offer for SAP Security Udemy course!

$ 9.99

#Broken-Authentication
#&160-CVE-2020-26834