SAP Suffers Vulnerability

Tuesday, August 9, 2011 @ 01:08 PM gHale

There is a security hole in SAP’s J2EE engine, NetWeaver, which allows an attacker to create new administrator accounts remotely.

To find the hole you first search Google for a particular string that was typically an indicator of the Management Portal for SAP systems, said Russian security expert Alexander Polyakov of ERPScan, who showed the vulnerability at Black Hat last week.

RELATED STORIES
Worst to First: Securing Best Practices
Finding a RAT behind Cyber Attacks
Security 101: Avoiding Social Engineering, Phishing Attacks
Web Sites to Find if You’re a Target

While the SAP program does not have a direct affect on manufacturing, the vulnerability could cause secondary issues.

Using the URL from the search, Polyakov used a Perl script which executed the actual attack in two stages. First, the script would create a new user, then it would promote the new user to administrator. Using the freshly created user, it was then possible to log into the vulnerable system. The attack works even if the system’s two factor authentication (password+secret key) is in effect, Polyakov said.

Polyakov will release the script three months after the publication of an update by SAP, giving enough time for SAP’s customers to patch their systems.

Around 50 percent of all SAP installations will feel the affect of the bug in the J2EE Engine, Polyakov estimated. NetWeaver is the foundation for quite a few of SAP’s products.

An update should arrive in the next few days, a SAP spokesperson said.



Leave a Reply

You must be logged in to post a comment.