First published: Tue Mar 16 2004
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP SAP R/3 | | |
SAP SAPgui | =4.6c | |
SAP SAPgui | =4.6d | |
CVE-2003-1035 has a medium severity rating as it allows attackers to bypass account locking mechanisms.
To fix CVE-2003-1035, ensure that appropriate security configurations are applied to limit RFC API access.
CVE-2003-1035 affects SAP R/3 versions 46C and 46D installations.
Yes, CVE-2003-1035 can lead to unauthorized access due to brute force password guessing attacks.
CVE-2003-1035 is considered a notable vulnerability due to its exploitation potential in SAP R/3 systems.