exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SAP Mobile Platform DataVault Predictable Encryption Password

SAP Mobile Platform DataVault Predictable Encryption Password
Posted Aug 12, 2015
Authored by Fernando Russ | Site onapsis.com

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault has a special mechanism to generate a default set of credentials if no password/salt is supplied during the creation of the secure storage. In this mode of operation the password/salt is derived from a combination of fixed values and the VaultID belonging to the secure storage.

tags | advisory
SHA-256 | 32913d9c0e2b94e7527b9505f766bc7240c4bd0dc83949976a4b1580dfab6d6d

SAP Mobile Platform DataVault Predictable Encryption Password

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault
Predictable Encryption Password for Secure Storage


1. Impact on Business
- ---------------------

By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to read sensitive information, including
encrypted log in credentials, stored in the device, potentially
connecting to business applications and accessing or modifying business
information

Risk Level: High

2.Advisory Information
- -----------------------

* Public Release Date: 2015-08-12
* Subscriber Notification Date: 2015-08-12
* Last Revised: 2015-08-12
* Security Advisory ID: ONAPSIS-2015-012
* Onapsis SVS ID: ONAPSIS-00149
* CVE: Not Assigned
* Researcher: Fernando Russ
* Initial Base CVSS v2: 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N)


3. Vulnerability Information
- ----------------------------

* Vendor: SAP AG
* Affected Components:
­ * SAP Mobile Platform 3.0 SP05 ClientHub
* Vulnerability Class: Use of Hard-coded Cryptographic Key (CWE-321)
* Remotely Exploitable: No
* Locally Exploitable: Yes
* Authentication Required: No
* Original Advisory:
http://www.onapsis.com/research/security-advisories/

4.Affected Components Description
- ----------------------------------

The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is
used to securely store data on mobile devices. As described by SAP AG
"[...] The DataVault APIs provide a secure way to persist and encrypt
data on the device. The data vault uses AES-256 symmetric encryption of
all its contents. The AES key is computed as a hash of the passcode
provided and a ‘salt’ value that can be supplied by the device
application developer, or automatically generated through the API [...]"

5.Vulnerability Details
- ------------------------

The SAP DataVault has a special mechanism to generate a default set of
credentials if no password/salt is supplied during the creation of the
secure storage.

In this mode of operation the password/salt is derived from a
combination of fixed values and the VaultID belonging to the secure storage.


6.Solution
- -----------

Implement SAP Security Note 2094830.


7. Report Timeline
* 11/07/2014: Onapsis provides vulnerability information to SAP AG.
* 11/08/2014: SAP AG confirms having received the information.
* 04/08/2015: SAP AG releases SAP security note 2094830 fixing the
vulnerability
* 08/12/2015: Security Advisory is released.



About Onapsis Research Labs
- ---------------------------

Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth knowledge
and experience to deliver technical and business-context with sound
security judgment to the broader information security community.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team

iEYEARECAAYFAlXLXZ8ACgkQz3i6WNVBcDXUkACeKV+76wa7IHncrIHFu9GhtJgu
9kYAoLOQN6rGuTkqA4s/ReBA/Uggt6bC
=hiVs
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close