PT-2016-2662 · Sap · Sap Hana
Jp Perez-Etchegoyen
·
Published
2016-08-05
·
Updated
2016-11-28
·
CVE-2016-6144
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP HANA versions prior to Revision 102
Description
The SQL interface in SAP HANA does not limit the number of login attempts for the SYSTEM user when the password lock for system user option is not supported or is configured as "False". This makes it easier for remote attackers to bypass authentication via a brute force attack.
Recommendations
For SAP HANA versions prior to Revision 102, consider configuring the password lock for system user option to "True" to limit the number of login attempts for the SYSTEM user as a temporary workaround.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Hana