CVE-2003-1035

UNKNOWN

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does

Published Mar 16, 2004

Modified 1 years ago

No fix available

Details

The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.

References

WEBhttp://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html WEBhttp://www.securityfocus.com/archive/1/451378/100/0/threaded WEBhttp://www.securityfocus.com/bid/7007 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/11487 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2003-1035

CVSS Analysis

CVSS v2.0

7.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedMar 16, 2004

ModifiedAug 8, 2024