Penetration Testing mailing list archives
Re: SAP R/3 password encryption ?
From: Petr.Kazil () eap nl
Date: Sun, 5 Feb 2006 20:16:26 +0100
(All I did was search for "SAP R/3 password hash".)
Stupid of me - I never thought about including the "hash" word in my search. Thanks for the links. After reading the two articles it's probably good to note that the password hash dumps were produced by the transaction: S_BCE_68001439 using the SAP-ALL role (I guess this is the SAP "Admin" role). So password hashes are probably not that easy to get. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Black Hat USA CFP opens, Europe early bird reminder, Federal news Jeff Moss (Feb 01)
- SAP R/3 password encryption ? Petr . Kazil (Feb 02)
- Re: SAP R/3 password encryption ? Tim (Feb 05)
- Re: SAP R/3 password encryption ? Petr . Kazil (Feb 05)
- Re: SAP R/3 password encryption ? Tim (Feb 05)
- SAP R/3 password encryption ? Petr . Kazil (Feb 02)