SAP ASE leaves sensitive credentials in installation logs

Read the original article: SAP ASE leaves sensitive credentials in installation logs


SAP users should deploy the patches for Adaptive Server Enterprise (ASE) released last month because the server fails to clear credentials from persistent installation logs. Even though the credentials are encrypted or hashed, researchers warn that attackers can easily decrypt them to gain full access to a sensitive monitoring component.

Previously known as Sybase SQL Server, the SAP Adaptive Server Enterprise (ASE) is a high-performance relational database with on-premise and cloud deployment options. The product is used by over 30,000 organizations worldwide, including over 90% of the world’s top 50 banks.

To read this article in full, please click here

 

Advertise on IT Security News.


Read the original article: SAP ASE leaves sensitive credentials in installation logs

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!