SAP Security Note 2067859 Potential Exposure to Digital Signature Spoofing

This week, SAP AG published a hot news item titled: "SAP Security Note 2067859 (Potential Exposure to Digital Signature Spoofing)", which alerts users about a potential vulnerability in certain cryptographic libraries used in SAP NetWeaver Application Server ABAP and SAP HANA. By abusing these libraries, an attacker could potentially spoof (i.e., successfully masquerade as a legitimate user) Digital Signatures produced in vulnerable systems.

SNC: Protecting SAP Communication Channels

SAP systems include a reduced set of security features, which cover the SAP authorization concept and user authentication based on passwords. SNC is a software layer in the SAP Netweaver system architecture that provides an interface to an external security product offering stronger authentication methods, by encryption and by single sign-on mechanisms allowing SAP customers to extend SAP system security beyond the built in set of features shipped with SAP.