← back
CVE-2014-0984

CVE-2014-0984

EPSS 2.8%
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/32919unverifiedexploitdbwww.exploit-db.com/exploits/32919unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://scn.sap.com/docs/DOC-8218https://service.sap.com/sap/support/notes/1986895http://www.coresecurity.com/advisories/sap-router-password-timing-attackhttp://www.exploit-db.com/exploits/32919http://www.securityfocus.com/archive/1/531854/100/0/threaded