Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Lockout bypass using the RFC_SYSTEM_INFO function module, SAP security note 604578

Description

The RFC_SYSTEM_INFO function module returns information stating whether the logon data used was correct.

Available fix and Supported packages

  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 610 | 620
  • SAP_BASIS 46B | SAPKB46B52 |
  • SAP_BASIS 610 | SAPKB61032 |
  • SAP_BASIS 46C | SAPKB46C44 |
  • SAP_BASIS 46D | SAPKB46D33 |
  • SAP_BASIS 620 | SAPKB62021 |

Affected component

    BC-MID-RFC
    RFC

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/604578

TAGS

#VulnerabilitiesInternet-Security-Systems-“sap-sapinfo-lockout-bypass”Security-Focus-Online-“SAP-R/3-sapinfo-RFC-API-Account-Locking-Weakness””SAP-R/3
#account-locking-and-RFC-SDK”

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.