Account Lock Bypass in SAP R/3 by Remote Attackers
CVE-2003-1035

Currently unrated

Key Information:

Vendor: SAP
Status: SAPgui; SAP R 3
Vendor: CVE Published:; 15 April 2004

What is CVE-2003-1035?

The default configurations of SAP R/3 versions 46C and 46D allow remote attackers to exploit the system by bypassing account lockout mechanisms. By utilizing the RFC API to conduct brute force password guessing attacks, attackers can repeatedly attempt to access accounts without triggering the protective lockout that would normally activate through the SAPGUI interface. This vulnerability can greatly increase the risk of unauthorized access to sensitive information and systems.

References

http://www.securityfocus.com/bid/7007

vdb-entryx_refsource_BID

http://lists.grok.org.uk/pipermail/full-disclosure/2003-M...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/451378/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004