Hello! Today's post can be considered an appendix to our previous post. We will learn how to validate the strength of SAP passwords by trying to crack them. We'll focus on the password hashes coming from the SAP JAVA Application Server.
There are reasons why you might want to check the security (strength) of an SAP implementation's passwords, for example during an external SAP security assessment or during an internal review.
In this post, I'll cover some of the latest vulnerabilities reported to SAP by Onapsis and published last week.
In our previous post, we were able to understand the topology and configuration in place, which is useful whenever you want to analyze how secure a SAProuter implementation is. In this article, we'll check whether our SAProuter is secure or whether it would be possible for an attacker to retrieve information and connect to our internal network.