SAP Adaptive Server Enterprise (ASE) is a relational database management system used, especially in the financial sector. The SAP product is used by over 30,000 organizations worldwide, including the world’s top 25 banks. However, researchers have discovered some critical vulnerabilities and directed the organizations to deploy the patches for ASE as the server failed to clear credentials from persistent installation logs. In this article at CSO Online, Lucian Constantin explains how sensitive information on SAP ASE’s Cockpit is available to anyone on the network.
Beware of These Flaws
Information Disclosure in SAP ASE
The login password for the helper database gets stored in the configuration file and is readable by any windows user. This flaw further affects the Cockpit component of SAP ASE, a web-based administrative console used for monitoring the status and availability of ASE servers. A hacker with access to a local non-privileged Windows account can recover these passwords from the configuration file and log into the helper database. A cybercriminal can overwrite the files in the operating system and even execute malicious code with LocalSystem privileges by issuing commands like ‘CREATE ENCRYPT FILE’.
File Permission Issue
“The SAP ASE log file also includes SHA 256 hashes and base 64-encoded salts for the sccadmin and uafadmin passwords. These are two administrative accounts associated with Cockpit,” explains Lucian. The vulnerability here is that it is easy to decode the salt and run dictionary-based offline brute-force attacks against the hashes to crack the passwords. Experts say that this is not the first time that improper file access controls have exposed SAP ASE and Cockpit.
The system’s vulnerabilities allow malicious users to either guess privileged user passwords or just decrypt them to execute arbitrary commands on targeted systems. If you are an SAP ASE user, install security fixes without any delay.
To read the original article, click on https://www.csoonline.com/article/3576294/sap-ase-leaves-sensitive-credentials-in-installation-logs.html.