Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

SAP Download Manager flaw exposed user password

An attacker who manages to get access to a user’s configuration file for SAP Download Manager might be able to obtain the stored proxy password.

Are you a SAP user? Do you use the SAP Download Manager that allows downloading of software packages and support notes? You urgently need to update it in orderto fix a serious vulnerability that could be exploited to expose your password.

According to experts at Core Security, a local attacker who is able to access the user’s configuration file in SAP Download Manager might be able to obtain the stored proxy password.

“SAP Download Manager [1] is a Java application offered by SAP that allows downloading software packages and support notes. This program stores the user’s settings in a configuration file. Sensitive values, such as the proxy username and password if set, are stored encrypted using a fixed static key” states thesecurity advisorypublished byCore Security.

The flaw affects the SAP Download Manager version up to 2.1.142...(continued)

View All Trending Stories