Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP R/3 sapinfo RFC API帐户锁定漏洞
Vulnerability Description
SAP R/3是一个基于客户/服务机结构和开放系统的,集成的企业资源计划系统。 SAP R/3对多次登录尝试没有正确锁定帐户,远程攻击者可以利用这个漏洞对帐户进行暴力猜解。 默认安装下,SAP R/3会在三此错误登录尝试后SAPGUI会杀掉GUI,在4次SAPGUI崩溃(4*3 =3D 12次尝试)后,测试的帐户就会琐定(在SAPR3.USR02 UFLAG=3D128)。但是攻击者如果使用SDK RFC的sapinfo工具进行密码验证操作,可以多次进行连接而SAP不锁定用户帐户,这可导致攻击者对已知用户
CVSS Information
N/A
Vulnerability Type
N/A