Inception of the SAP Platform's Brain: Attacks to SAP Solution Manager

No ratings

Presented at ekoparty 2012 by

Juan Etchegoyen

Global Fortune 1000 companies, large government organizations, and defense entities, they share something in common: they all depend on SAP platform to manage their most critical business and information flow. In this scenario, any criminal cyber attacks seeking to conduct espionage, sabotage, or financial fraud, knows that these systems contain the jewels in the crown. SAP implementations in all there is a special system, which acts as the "brain" of the platform: the SAP Solution Manager. Using proprietary interfaces and protocols, the Solution Manager connects and manages all SAP systems "satellites" of the implementation (ERP, CRM, SCM, etc.). Therefore, if an attacker compromises the SolMan, might be able to extend its control over all settings that are under the control of the same. Moreover, because of weaknesses of the architecture, a malicious group will be possible to start by compromising one of the first satellite systems, and use it as a pivot to control SolMan. In this talk we will present, through various live demonstrations, innovative attack vectors that can be used in a hacker intrusion attempt to SAP Solution Manager, and result in a total commitment to implementation. Analyze the technical origins of the vulnerabilities that allow such attacks, and you need to know and do to mitigate these threats in your own organization.