Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Feb 10, 2016
Recovering SAP RFC Credentials from Network Traffic Emiliano Fausto - ekoparty security conference #eko11 (2015)
SAP RFC is the most widely used communication protocol in the SAP world. It acts as an interface to communicate SAP Systems, and between compatible third-party systems over TCP/IP or CPI-C connections. SAP RFC is a proprietary SAP AG protocol, which provides a way for external programs to send and receive data from an SAP system, even executing functions on the remote server. The almost only authentication mechanism used to authenticate through SAP RFC basically relies on sending the user credentials to the server. These credentials are "scrambled" prior to be sent, for privacy concerns. We find this authentication mechanism implemented in almost every assessment we perform.