Account Lock Bypass in SAP R/3 by Remote Attackers
CVE-2003-1035

Currently unrated

Key Information:

Vendor: SAP
CVE Published: 15 April 2004

What is CVE-2003-1035?

In their default configurations, SAP R/3 versions 46C and 46D allow remote attackers to bypass the account lockout mechanism. Password guesses submitted through the RFC API do not trigger the lockout that would normally activate after failed logons through the SAPGUI interface, so an attacker can run a brute-force password guessing attack over RFC without the account ever being locked. This greatly increases the risk of unauthorized access to sensitive information and systems.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
