These vulnerabilities are still found 5 years later
It’s been 5 years since our research revealed previously unknown vulnerabilities: default accounts in SAP Solution Manager. These accounts had been introduced many years earlier and could result in a complete compromise of an SAP landscape.
With the release of SAP Security Note 2293011 (Upgrade Information: Default Users within SAP Solution Manager), SAP informed the public about this vulnerability, and we have seen a steady decrease in vulnerable SAP systems containing these accounts ever since.
Still, we occasionally find one or more of these accounts present during assessments, making it rather easy to obtain full access to those SAP systems. Therefore, on the 5th birthday of this vulnerability, let’s take a moment to double-check whether it has been remediated in your SAP systems.
We offer a free tool to check your SAP systems. You can download it from our website! And while you’re at it, please don’t forget to subscribe to our Newsletter and LinkedIn page to stay up to date with SAP security news.
P.S. This free tool is not a demo or a part of Protect4S, our SAP Security solution. For more details on Protect4S please visit https://protect4s.com.