-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault Predictable encryption passwordsfor Configuration Values 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile device would be able to decrypt and modify sensitive configuration values used by SAP business applications. Risk Level: High 2. Advisory Information - ----------------------- * Public Release Date: 2015-08-12 * Subscriber Notification Date: 2015-08-12 * Last Revised: 2015-08-12 * Security Advisory ID: ONAPSIS-2015-0011 * Onapsis SVS ID: ONAPSIS-00149 * CVE: Not assigned * Researcher: Fernando Russ * Initial Base CVSS v2: 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N) 3. Vulnerability Information - ---------------------------- * Vendor: SAP AG * Affected Components: * SAP Mobile Platform 3.0 SP05 ClientHub * Vulnerability Class: Use of Hard-coded Cryptographic Key (CWE-321) * Remotely Exploitable: No * Locally Exploitable: Yes * Authentication Required: No * Original Advisory: https://www.onapsis.com/research/security-advisories/SAP-Mobile-Platform-Predictable-Encryption-Password-for-Configuration-Values 4. Affected Components Description - ---------------------------------- The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. As described by SAP AG "[...] The DataVault APIs provide a secure way to persist and encrypt data on the device. The data vault uses AES-256 symmetric encryption of all its contents. The AES key is computed as a hash of the passcode provided and a ‘salt’ value that can be supplied by the device application developer, or automatically generated through the API [...]" 5. Vulnerability Details - ------------------------ The SAP DataVault uses a special password derived from well-known values to encrypt some configuration values like the count of invalid attempts to unlock a secure store. This password is a composition of a value which is available in plaintext form inside the secure store container, and a fixed value. Also, the salt used is fixed. Both values are statically defined by the SAP DataVault implementation, and do not depend neither on the installation nor on the usage of the DataVault. 6. Solution - ----------- Implement SAP Security Note 2094830. 7. Report Timeline - ------------------ * 11/07/2014: Onapsis provides vulnerability information to SAP AG. * 11/08/2014: SAP AG confirms having received the information. * 04/08/2015: SAP AG releases SAP security note 2094830 fixing the vulnerability * 08/12/2015: Security Advisory is released. About Onapsis Research Labs - --------------------------- Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlXLXXEACgkQz3i6WNVBcDXHzgCdFcY7MtChSCFGXIZHI5E2BZFA NbQAoLxIogVIwsqLsp9OsXjdlKzOvOpM =C9yq -----END PGP SIGNATURE-----