DerScanner
Home / Vulnerability Database / ABAP : Unsafe password settings
ABAP

ABAP : Unsafe password settings

Classification

OWASP Top 10 2013
A2-Broken Authentication and Session ManagementA6-Sensitive Data Exposure
OWASP Top 10 2017
A2-Broken AuthenticationA3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure DesignA7-Identification and Authentication Failures
OWASP MASVS
V2: 2.2.(L1/L2/L1+R/L2+R)V8: 8.11.(L1+R/L2+R)
OWASP ASVS
Authentication
PCI DSS 4.0
6.2.48.3.28.6
CWE
CWE-261CWE-1028CWE-1032

Overview

Unsafe password settings have been set.

To protect passwords, the value of login/password_downwards_compatibility must be set to 0 to avoid storing older and vulnerable password hashes that can be attacked.

References

  1. OWASP Top 10 2013-A5-Security Misconfiguration
  2. OWASP Top 10 2013-A6-Sensitive Data Exposure
  3. Profile Parameters for Logon and Password (Login Parameters)
  4. OWASP Top 10 2017-A2-Broken Authentication
  5. OWASP Top 10 2017-A3-Sensitive Data Exposure
  6. CWE-261: Weak Encoding for Password
  7. CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
  8. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
MEDIUM

DerScanner Severity Score

Do you want to fix ABAP : Unsafe password settings in your application?

See also

ABAP

ABAP : Insufficient authorization check

ABAP

ABAP : Empty password

ABAP

ABAP : Weak seed of random number generator