Publications

Volume I: The Risks of Downwards Compatibility

SAP has implemented several unique password hashing procedures in its history. While each new version has increased the security level of its hashing scheme, the requirements for backward compatibility, if not considered in the implementation phase, may provide an opportunity for attacks against users’ stored credentials. By exploiting these weaknesses, attackers would be able to escalate privileges on vulnerable systems and perform business processes while impersonating other users.

This SAP Security In-Depth volume details the evolution of these hashing mechanisms developed by SAP, analyzes the different risk levels of attacks targeting this sensitive information and provides practical mitigation processes to protect the company’s SAP platform.
