Account Lock Bypass in SAP R/3 by Remote Attackers
CVE-2003-1035
Currently unrated
What is CVE-2003-1035?
In their default configurations, SAP R/3 versions 46C and 46D allow remote attackers to bypass the account lockout mechanism. Brute-force password guessing carried out through the RFC API does not trigger the protective lockout that would normally activate for failed logons through the SAPGUI interface, so attackers can repeatedly attempt to access accounts. This vulnerability can greatly increase the risk of unauthorized access to sensitive information and systems.