NVD

Id
29805  
Name
CVE-2014-0984  
Description
The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtrain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-04-17  
Modified Date
2014-04-24  
Seq
2014-0984  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
157405 29805 CVE-2014-0984 http://scn.sap.com/docs/DOC-8218  View
157406 29805 CVE-2014-0984 http://www.coresecurity.com/advisories/sap-router-password-timing-attack  View
157407 29805 CVE-2014-0984 32919  View
157408 29805 CVE-2014-0984 20140416 [CORE-2014-0003] - SAP Router Password Timing Attack  View
157409 29805 CVE-2014-0984 https://service.sap.com/sap/support/notes/1986895  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13298 JVNDB-2014-002173 SAProuter の passwordCheck 関数におけるパスワードを取得される脆弱性 SAProuter (SAP Network Interface Router) の passwordCheck 関数は、最初に不正な文字を検出した際、Route Permission Table のエントリパスワードの検証を終了するため、パスワードを取得される脆弱性が存在します。 CVE-2014-0984 68385 CVE-2014-0984 29805 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002173.html 2014-04-15 2014-04-22 View