Companies using SAP AG's business management software could be vulnerable to
stealth attacks by hackers if their systems are not properly configured,
according to a computer security expert.
The vulnerability could leave SAP's customers open to sabotage, espionage and
fraud through so-called backdoor attacks, said Mariano NuÑez Di Croce, director
of research and development with computer security firm Onapsis.
The problem is significant because many of the world's largest corporations
use SAP's software to handle accounting, manufacturing and other crucial tasks.
"In a typical default installation, anybody can connect to an SAP database,
modify standard programs and do whatever they want without detection," said
Nuñez Di Croce, who will discuss the vulnerability next week at the Black Hat
Europe computer security conference in Barcelona.