Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Lockout bypass using the RFC_SYSTEM_INFO function module, SAP security note 604578

Description

The RFC_SYSTEM_INFO function module returns information stating whether the logon data used was correct.

Available fix and Supported packages

  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 610 | 620
  • SAP_BASIS 46B | SAPKB46B52 |
  • SAP_BASIS 610 | SAPKB61032 |
  • SAP_BASIS 46C | SAPKB46C44 |
  • SAP_BASIS 46D | SAPKB46D33 |
  • SAP_BASIS 620 | SAPKB62021 |

Affected component

    BC-MID-RFC
    RFC

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/604578

TAGS

#VulnerabilitiesInternet-Security-Systems-“sap-sapinfo-lockout-bypass”Security-Focus-Online-“SAP-R/3-sapinfo-RFC-API-Account-Locking-Weakness””SAP-R/3
#account-locking-and-RFC-SDK”

More to explorer