The following volumes are already available for free download:
2009-11-25 - Volume I: The risks of downwards compatibility
SAP has implemented different password hashing procedures along its history.
While each new version has increased the security level of the hashing scheme, some backward compatibility aspects not considered in the implementation phase may provide room for practical attacks over the users’ stored credentials. Through the exploitation of these weaknesses, malicious attackers would be able to escalate privileges over vulnerable systems and perform business processes on behalf other users.
This volume details the evolution of the hashing mechanisms developed by SAP, analyzes the different risks of attacks to this sensitive information and provides practical solutions to protect the company’s SAP platform, effectively decreasing business fraud risks
TABLE OF CONTENTS
What is the SAP Security In-Depth Publication?
2. SAP Password Cracking
3. The Risks of Downwards Compatibility
4. Protecting SAP Password Hashes