SAP GuiXT Credential Storage Vulnerability in Windows Registry

Vulnerability

A vulnerability exists in the GuiXT application, which is integrated with SAP GUI for Windows. The issue arises because the application employs obfuscation algorithms instead of secure symmetric ciphers to store the credentials of an RFC user on the client PC. This flaw allows an attacker with access to the user's Windows registry to reconstruct the original password, significantly compromising confidentiality. However, there is no impact on the integrity or availability of the application.

Impact

Exploitation of this vulnerability allows for the recreation of RFC user passwords from the Windows registry, leading to unauthorized access.

Remediation

Users are advised to review and implement the latest SAP Security Notes. For guidance on accessing and applying these security updates, consult the SAP Security Notes FAQs or the SAP Security Patch Day Bulletin.

Added: Jul 8, 2025, 1:29 AM
Updated: Jul 8, 2025, 1:29 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.