CVE-2014-0984
Published 2014-04-17
Priority: P429, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.82% (84.8th percentile)
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.
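An added example, not SAP Router code and not part of the original entry: the early-exit comparison pattern described above next to a fixed-work version, in C. The function names, the `PW_MAX` field width, and the `steps` counter (a deterministic stand-in for the response time an observer would measure) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PW_MAX 32 /* assumed fixed field width for this example */

/* Early-exit comparison of the kind the advisory describes. *steps counts the
 * characters examined and stands in for the measurable response time. */
int early_exit_check(const char *guess, const char *secret, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0;; i++) {
        (*steps)++;
        if (guess[i] != secret[i])
            return 0;          /* stops at the first wrong character */
        if (secret[i] == '\0')
            return 1;          /* both strings ended together */
    }
}

/* Copy a password into a zero-padded fixed-width field; 0 if it does not fit. */
int pad_field(unsigned char out[PW_MAX], const char *s)
{
    size_t n = strlen(s);
    memset(out, 0, PW_MAX);
    if (n >= PW_MAX)
        return 0;
    memcpy(out, s, n);
    return 1;
}

/* Hardened form: always walks all PW_MAX bytes and folds the differences
 * into one accumulator, so the work done does not depend on where (or
 * whether) the guess is wrong. */
int constant_time_check(const unsigned char guess[PW_MAX],
                        const unsigned char secret[PW_MAX], size_t *steps)
{
    volatile unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < PW_MAX; i++) {
        diff |= (unsigned char)(guess[i] ^ secret[i]);
        (*steps)++;
    }
    return diff == 0;
}
```

With the early-exit form the step count grows with the length of the correct prefix; with the fixed-work form it is `PW_MAX` for every guess.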
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | router | — | — |
| sap | router | — | — |
| sap | router | — | — |
CWE-208: Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an inc
CWE-1254: Incorrect Comparison Logic Granularity
The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.
Comparison logic is used to compare a variety of objects including passwords, Message Authentication Codes (MACs), and responses to verification challenges. When comparison logic is implemented at a finer granularity (e.g., byte-by-byte comparison) and breaks in the case of a comparison failure, an attacker can exploit this implementation to identify when exactly the failure occurred. With multiple attempts, the attacker may be able to
http://scn.sap.com/docs/DOC-8218
http://www.coresecurity.com/advisories/sap-router-password-timing-attack
http://www.exploit-db.com/exploits/32919
http://www.securityfocus.com/archive/1/531854/100/0/threaded
https://service.sap.com/sap/support/notes/1986895