PT-2014-3997 · Sap · Saprouter

Fernando Miranda +1 · Published 2014-04-17 · Updated 2018-10-10 · CVE-2014-0984

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions
SAP Router versions prior to 721 patch 118
SAP Router versions prior to 720 patch 412
SAP Router versions prior to 710 patch 030

Description
The issue allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, also known as a timing side-channel attack. This occurs because the passwordCheck function terminates validation of a Route Permission Table entry password upon encountering the first incorrect character.

Recommendations
For SAP Router version 721 patch 117 and earlier, update to version 721 patch 118 or later.
For SAP Router version 720 patch 411 and earlier, update to version 720 patch 412 or later.
For SAP Router version 710 patch 029 and earlier, update to version 710 patch 030 or later.
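
The early-exit behaviour that the Description attributes to passwordCheck, shown next to a constant-time comparison. This is an added example, not SAP's code and not part of the original advisory: check_early_exit, check_constant_time, PW_MAX and the sample password are constructed for illustration, and the steps counter stands in for response time.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 32                          /* constructed fixed buffer size */
static const char STORED[] = "S3cret!x";   /* constructed sample password */

/* Early-exit check as the advisory describes it (hypothetical code): the work
 * done, reported in *steps, grows with the length of the correct prefix. */
static int check_early_exit(const char *stored, const char *guess, size_t *steps)
{
    for (size_t i = 0;; i++) {
        *steps = i + 1;
        if (stored[i] != guess[i]) return 0;   /* stops at first mismatch */
        if (stored[i] == '\0') return 1;       /* both strings ended: match */
    }
}

/* Constant-time form: compares all PW_MAX bytes of zero-padded buffers and
 * folds the differences together without a data-dependent branch. Assumes the
 * stored password is shorter than PW_MAX; over-long guesses are rejected. */
static int check_constant_time(const char *stored, const char *guess, size_t *steps)
{
    unsigned char a[PW_MAX] = {0}, b[PW_MAX] = {0};
    volatile unsigned char diff = 0;           /* volatile: keep the full loop */
    *steps = 0;
    if (strlen(guess) >= PW_MAX) return 0;     /* guess length is not secret */
    strncpy((char *)a, stored, PW_MAX - 1);
    strncpy((char *)b, guess, PW_MAX - 1);
    for (size_t i = 0; i < PW_MAX; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
        (*steps)++;
    }
    return diff == 0;
}

static size_t steps_early(const char *g) { size_t n; check_early_exit(STORED, g, &n); return n; }
static size_t steps_ct(const char *g)    { size_t n; check_constant_time(STORED, g, &n); return n; }

int main(void)
{
    const char *guesses[] = { "XXXXXXXX", "S3cXXXXX", "S3cret!X", "S3cret!x" };
    for (size_t i = 0; i < sizeof guesses / sizeof guesses[0]; i++)
        printf("%-10s early-exit steps=%zu  constant-time steps=%zu\n",
               guesses[i], steps_early(guesses[i]), steps_ct(guesses[i]));
    return 0;
}
```
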

Related Identifiers

CVE-2014-0984

Affected Products

Saprouter