"The authentication bug was for an information service & the info that can be gained isn't particularly useful, certainly not a critical prior and not classified by SAP as such."
1) The flaw was *re-introduced* which tells you that SAP are failing to use regression tests to verify that vulns stay fixed. This is a basic process problem that is *likely* to afflict every release of every product they produce.
2) Authentication bypasses give an attacker a platform to launch further attacks within a "trusted" domain, this is not a good thing.
Biting the hand that feeds IT
