SAP Security Note 2067859 Potential Exposure to Digital Signature Spoofing

This week, SAP AG published a hot news item titled: "SAP Security Note 2067859 (Potential Exposure to Digital Signature Spoofing)", which alerts users about a potential vulnerability in certain cryptographic libraries used in SAP NetWeaver Application Server ABAP and SAP HANA. By abusing these libraries, an attacker could potentially spoof (i.e., successfully masquerade as a legitimate user) Digital Signatures produced in vulnerable systems.

The Ignored World of SAP Cyber Security: How organizations are waking up to attacks targeting their SAP cyber-layer

By now I am sure you have seen the public posting with details and a how-to guide regarding an exploitable SAP vulnerability in a major organizations’ internet facing website. It is always disheartening to see a company exposed in this way.