Hardcoded credentials

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial...

CVE-2016-3684

SAP Download Manager (versions up to 2.1.142) stores sensitive values in a configuration file encrypted with a hard-coded key. On Windows/Mac, the key combines the BIOS serial with a fixed key; on Linux/other platforms, the key is a fixed hard-coded value. This enables context-dependent attackers...

CVE-2016-3685

Affected software: SAP Download Manager up to version 2.1.142. Root cause: encryption of sensitive values stored in a configuration file uses a fixed static key; on Windows and macOS the key is the BIOS serial number concatenated with a hard-coded key, enabling attackers with local access to reco...

SAP Download Manager Password Weak Encryption

1. Advisory Information Title: SAP Download Manager Password Weak Encryption Advisory ID: CORE-2016-0004 Advisory URL: Date published: 2016-03-09 Date of last update: 2016-03-07 Vendors contacted: SAP Release mode: Coordinated release 2. Vulnerability Information Class: Storing Passwords in a...