Reply to post:

SAP fixes gaping authentication bypass flaw after 3 YEARS


"The authentication bug was for an information service & the info that can be gained isn't particularly useful, certainly not a critical prior and not classified by SAP as such."

1) The flaw was *re-introduced* which tells you that SAP are failing to use regression tests to verify that vulns stay fixed. This is a basic process problem that is *likely* to afflict every release of every product they produce.

2) Authentication bypasses give an attacker a platform to launch further attacks within a "trusted" domain, this is not a good thing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021