CVE-2014-0984

SAP Router - Timing Side-Channel Attack via Password Validation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0984. PoCs published by Core Security.

AI-analyzed exploit summary The provided code is a detailed advisory and partial proof-of-concept for CVE-2014-0984, a timing attack vulnerability in SAP Router's password check function. It includes assembly-level analysis of the vulnerable function and a Python script snippet for measuring response times.

Description

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Core Security · textremotehardware
https://www.exploit-db.com/exploits/32919

The provided code is a detailed advisory and partial proof-of-concept for CVE-2014-0984, a timing attack vulnerability in SAP Router's password check function. It includes assembly-level analysis of the vulnerable function and a Python script snippet for measuring response times.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: SAP Router (versions 721, 720, 710)
No auth needed
Prerequisites: Network access to SAP Router service
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1986895
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531854/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32919
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218

Scores

EPSS 0.0282
EPSS Percentile 84.7%

Details

CWE
CWE-264
Status published
Products (3)
sap/router 710 029
sap/router 720 411
sap/router 721 117
Published Apr 17, 2014
Tracked Since Feb 18, 2026