Skip links

Credentials are stored in memory by SAP MDM GDS 2.1, SAP security note 1605531

Description

  • Credentials of logged in users are kept in memory for the duration of their session
  • When user properties are read from MDM, passwords are kept in memory until the application is stopped

A malicious user who have operating system account to the GDS server with appropriate rights may steal credentials from the memory.

Available fix and Supported packages

  • GDSCORE | 2.1 | 2.1
  • GDSTOOLS | 2.1 | 2.1
  • GDSUI | 2.1 | 2.1
  • GDS CORE 2.1 | SP001 | 000013
  • GDS UI 2.1 | SP001 | 000013

Affected component

    MDM-GDS
    Global Data Synchronization

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1605531

TAGS

#Credentials
#SAP-MDM-GDS-2.1