The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.

Threat-Mapped Scoring

Score: 3.25

Priority: P2 - Serious (High)

• S1 – Steal Customer Account Information
• S9 – Sabotage of System/App (+0.25 bonus)

EPSS

Score: 0.10388
Percentile: 0.92862

CVSS Scoring

Affected Products

• cpe:2.3:a:sap:router:710:029:*:*:*:*:*:*
• cpe:2.3:a:sap:router:720:411:*:*:*:*:*:*
• cpe:2.3:a:sap:router:721:117:*:*:*:*:*:*

← Back to Home