Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Database security: SAP HANA authentication flaw allowed attacker to pose as different user

Identity access management provider SecureAuth has uncovered a security vulnerability in SAP HANA, SAP’s in-memory database.

HANA is a core component of SAP’s business technology platform on which ERP, CRM, SRM, and other applications run, providing analytics on multimodel data, both on-premise, and in the cloud.

The database management system supports a variety of identity protocols and technologies, including the XML-based Security Assertion Markup Language (SAML) standard – and this is where the vulnerability lies.

“SecureAuth maintains several open source tools used by other security researchers and pen-testers to understand and explore using different network protocols,” Martin Gallo, SecureAuth’s director of strategic research, told The Daily Swig.

“While we were implementing the custom protocol that SAP HANA uses for their SQL interface in some of those tools, we decided to look for potential vulnerabilities affecting SAP’s SAML implementation.”

In your element
The vulnerability SecureAuth discovered allows an attacker with authenticated access – either through having valid access in their own right or through obtaining a signed SAML assertion belonging to another user – to authenticate as a different user.

The issue was caused by an inconsistency in the way XML elements are traversed and how comment nodes are handled.

“SAML assertions are basically signed XML tokens,” Gallo explained. “The vulnerability we identified appears due to the XML element in the user’s identifier being authenticated differently at the time of validating signature than when performing the access check itself.”

The researcher added: “The implication is that if an attacker is able to obtain a SAML token granted for user ‘A’, [they] can modify it slightly without invalidating the signature, and use it to authenticate to SAP HANA as a different user ‘B’.”

Coordinated disclosure
Gallo says the disclosure process went smoothly, leading to the release of a security advisory on December 8.

“We started the process in August and worked with SAP, who were diligent on fixing the issue in a reasonable amount of time, given that it affected all versions of HANA,” he says.

“Other potential issues reported at the same time are still in the process of coordinated disclosure.”

SecureAuth is recommending that SAP HANA customers check out SAP Security Note 2978768 (account login required), review the recommended mitigation steps, and update accordingly.

Source: https://portswigger.net/daily-swig/database-security-sap-hana-authentication-flaw-allowed-attacker-to-pose-as-different-user

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO