From: Petr.Kazil@eap.nl
Date: Sun Feb 05 2006 - 14:16:26 EST
> (All I did was search for "SAP R/3 password hash".)
Stupid of me - I never thought about including the "hash" word in my
search. Thanks for the links.
After reading the two articles it's probably good to note that the
password hash dumps were produced by the transaction: S_BCE_68001439 using
the SAP-ALL role (I guess this is the SAP "Admin" role). So password
hashes are probably not that easy to get.
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT