SU01 SAP GUI input history saves passwords, SAP security note 1365205

Description

1. You use transaction SU01 to create a new initial password for a user. This password is displayed as plaintext in the password field. If you choose “Enter” in the password field, the system saves the password in the input history of SAP GUI. This is a security risk.

Available fix and Supported packages

SAP_BASIS | 710 | 720
SAP_BASIS 710 | SAPKB71010 |
SAP_BASIS 711 | SAPKB71105 |
SAP_BASIS 720 | SAPKB72003 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1365205

Vahagn Vardanian

SU01 SAP GUI input history saves passwords, SAP security note 1365205

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Password
#generation-of-downward-compatible-passwords

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Vahagn Vardanian

SU01 SAP GUI input history saves passwords, SAP security note 1365205

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Password#generation-of-downward-compatible-passwords

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Special offer for SAP Security Udemy course!

$ 9.99

#Password
#generation-of-downward-compatible-passwords