CVE-2016-6144

Name of the Vulnerable Software and Affected Versions SAP HANA versions prior to Revision 102

Description The SQL interface in SAP HANA does not limit the number of login attempts for the SYSTEM user when the password lock for system user option is not supported or is configured as "False". This makes it easier for remote attackers to bypass authentication via a brute force attack.

Recommendations For SAP HANA versions prior to Revision 102, consider configuring the password lock for system user option to "True" to limit the number of login attempts for the SYSTEM user as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.