19th June 2013, 07:34 | #1
Ancient SAP software poisons networks
SAP's expensive business software, which no one knows what it does, and is so esoteric that no one ever bothers to upgrade it, could be a ticking security bomb.
Many companies have SAP installations which are so ancient that they did the logistics for King Charles' "lose your head party".
Research to be released next month by ERPScan shows that hundreds of organisations have been detected running dangerously vulnerable versions of SAP that are more than seven years old.
Vulnerabilities in the platform have been targeted in a range of attacks including those to modify pay cheques. They are also increasingly popular in the whitehat and blackhat exploit trade.
ERPScan chief technology officer and ZeroNights founder Alexander Polyakov found more than 4,000 servers hosting publicly facing SAP applications during web searches using Google (700 servers) and Shodan (3,741 servers).
He said that if these outfits did their HR and financials with SAP it would be the end of them.
In a lecture, Polyakov said it was a common misconception that SAP systems were not public facing and remotely accessible.
For example, he found that 35 percent of those SAP systems found were running NetWeaver version 7 EHP 0 which was last updated in November 2005. Just under a quarter ran a version last updated in April 2010 and 19 percent ran a version unpatched since October 2008.
The same findings were uncovered for versions of SAP NetWeaver J2EE, which contained holes in critical services that, without authentication, could allow attackers to create users and assign roles, execute commands, and turn the engine on and off.
Of the 5,000 exposed routers, 15 percent lacked access control lists which risked granting attackers access to the internal network; 19 percent contained information disclosure holes leading to possible denial of service; and five percent had dangerous insecure configurations leading to authentication bypassing.