CVE-2003-1035

Currently unrated

Key Information:

Vendor: SAP
Status: SAPgui; SAP R 3
Vendor: CVE Published:; 15 April 2004

Summary

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

References

http://www.securityfocus.com/bid/7007

vdb-entryx_refsource_BID

http://lists.grok.org.uk/pipermail/full-disclosure/2003-M...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/451378/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004