CVE-2014-0984

SAP Router - Access Control

Description

The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
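The comparison pattern the description names, next to a hardened form, as an added example (not SAP Router code and not from the linked write-up). The function names, `PW_MAX`, the sample password and the `last_steps` counter are assumptions made for illustration; the counter stands in for response time so the leak is visible deterministically.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 32                      /* assumed fixed size of the password field */
static const unsigned char STORED[PW_MAX] = "s3cret";  /* constructed sample value */
size_t last_steps;                     /* instrumentation: bytes examined by last call */

/* Early-exit pattern: validation stops at the first incorrect character,
 * so the amount of work reveals how long the correct prefix is. */
int early_exit_check(const char *guess)
{
    const char *stored = (const char *)STORED;
    for (last_steps = 0;;) {
        size_t i = last_steps++;
        if (stored[i] != guess[i]) return 0;   /* work depends on the secret */
        if (stored[i] == '\0') return 1;       /* both strings ended together */
    }
}

/* Hardened form: always examine PW_MAX bytes and OR the differences
 * together, so the work does not depend on where a mismatch occurs. */
int constant_time_check(const char *guess)
{
    unsigned char padded[PW_MAX] = {0};
    size_t n = strlen(guess);
    unsigned char diff = (unsigned char)(n >= PW_MAX);  /* oversized guess never matches */

    memcpy(padded, guess, n >= PW_MAX ? PW_MAX : n);
    for (last_steps = 0; last_steps < PW_MAX; last_steps++)
        diff |= (unsigned char)(STORED[last_steps] ^ padded[last_steps]);
    return diff == 0;
}

int main(void)
{
    const char *guesses[] = { "xxxxxx", "s3xxxx", "s3cxxx", "s3cret" };
    for (size_t g = 0; g < 4; g++) {
        int m1 = early_exit_check(guesses[g]);
        size_t s1 = last_steps;
        int m2 = constant_time_check(guesses[g]);
        printf("%-8s early: match=%d steps=%zu | constant: match=%d steps=%zu\n",
               guesses[g], m1, s1, m2, last_steps);
    }
    return 0;
}
```

In production code, use a vetted constant-time comparison from the platform's crypto library and confirm the compiler has not reintroduced an early exit.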

Exploits (1)

exploitdb WRITEUP VERIFIED
by Core Security · text · remote · hardware
https://www.exploit-db.com/exploits/32919

Scores

EPSS 0.0897
EPSS Percentile 92.5%

Classification

CWE
CWE-264
Status draft

Affected Products (3)

sap/router
sap/router
sap/router

Timeline

Published Apr 17, 2014
Tracked Since Feb 18, 2026