10KBLAZE – Great Danger for SAP-Systems

M.Sc. Chris Wojzechowski

The 10KBLAZE exploit kit has been published and represents a major danger for the majority of all SAP systems. The US Cybersecurity and Infrastructure Security Agency (CISA) issued a public warning about SAP systems on May 2, 2019.

What is SAP?

SAP is a German software company whose name stands for Systems, Applications and Products in Data Processing. Based in Walldorf, Germany, it is the market leader in Germany by revenue among all software companies, with approximately 335,000 customers and 12,000,000 users (Wikipedia).

This is precisely why a security gap is so serious: the company is one of the most valuable in Germany and known worldwide. SAP develops and deploys software that other companies use to simplify and digitize their business processes.

More information is available on SAP's website.

10KBLAZE – The Danger

Onapsis experts estimate that approximately 90% of all SAP systems are affected by the vulnerabilities. 10KBLAZE abuses misconfigurations within SAP systems so that, for example, an unauthorized user can execute commands for which they have no authorization. This can happen if the SAP gateways are incorrectly configured, which is one of the three main attack types reported by CISA. Even the factory setting of the gateway's secinfo configuration allows commands to be executed remotely, and the default settings of the SAP Message Server are also a possible attack point, as they allow a man-in-the-middle attack. For this attack, the attacker only has to be inside the SAP network and can thereby obtain additional logon data: the perpetrator reads messages and falsifies them so that the logon data contained in other messages can simply be misused.

How do I protect myself?

CISA recommends securing the configurations of the individual SAP components so that unauthorized access cannot occur. The insecure default settings should be checked and corrected manually. As Fabian A. Scherschel of heise online commented: “SAP systems are not designed to be exposed to the Internet because it is an untrusted network.” SAP systems should therefore be exposed to the Internet as little as possible.
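As an added illustration (not from the original post and not SAP's own tooling), the following Python script parses a gateway secinfo ACL file in SAP's version-2 syntax and flags permit rules that let any host start any program, the pattern behind the insecure gateway default described above. The sample file, the host names and the program path are constructed; treating a missing key as unrestricted is an assumption of this checker.

```python
import re
from typing import Dict, List

# Constructed sample secinfo file in SAP's version-2 syntax (not from a real system).
# Rule 1 mirrors the permissive default discussed above; rule 2 is a tightly
# scoped allow; rule 3 is an explicit deny-all.
SAMPLE_SECINFO = """#VERSION=2
P TP=* USER=* HOST=* USER-HOST=*
P TP=/usr/sap/NPL/SYS/exe/run/saprouter USER=npladm HOST=sapapp01 USER-HOST=sapapp01
D TP=* USER=* HOST=* USER-HOST=*
"""


def parse_secinfo(text: str) -> List[Dict[str, str]]:
    """Parse version-2 secinfo lines into dicts like {'action': 'P', 'TP': '*', ...}."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and #VERSION / comment lines
            continue
        action, _, rest = line.partition(" ")
        rule = {"action": action.upper()}
        for key, value in re.findall(r"([A-Z-]+)=(\S+)", rest):
            rule[key] = value
        rules.append(rule)
    return rules


def is_unrestricted(rule: Dict[str, str], key: str) -> bool:
    """'*' matches anything; a missing key is treated as unrestricted here (assumption)."""
    return rule.get(key, "*") == "*"


def find_permissive_rules(rules: List[Dict[str, str]]) -> List[int]:
    """Return 1-based indices of permit rules that let any host start any program."""
    findings = []
    for index, rule in enumerate(rules, start=1):
        if rule["action"] != "P":
            continue
        any_program = is_unrestricted(rule, "TP")
        any_host = is_unrestricted(rule, "HOST") or is_unrestricted(rule, "USER-HOST")
        if any_program and any_host:
            findings.append(index)
    return findings


if __name__ == "__main__":
    for index in find_permissive_rules(parse_secinfo(SAMPLE_SECINFO)):
        print(f"secinfo rule {index} permits any host to start any program; restrict TP and HOST")
```

Because secinfo rules are evaluated in order, a wildcard permit rule placed before a deny rule is the one that takes effect, so the flagged rule should be narrowed or removed rather than just followed by a deny.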

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I completed my Master's in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV), and I hold the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.