Password Hash Code Theft Prevention

Discover how DefenceMore OCA for SAP prevents and detects attempts to steal password hash codes.

Case Study #008.01

Scenario

A malicious user who has infiltrated the system with a user account attempts to obtain password hash codes and use Hashcat or similar tools to crack the passwords.

Impact

If the passwords in an SAP system are weak or commonly used, they can be cracked after the hash codes are compromised, exposing the system to security breaches.

DefenceMore OCA Capabilities

DefenceMore OCA's P010 control checks whether password hash codes are hidden in critical password tables. If tables containing hash codes are identified, the K008 control logs display activity on those tables. If password hash information is downloaded from the system, the K004 control observes this action and generates a violation record.

Related Checks

  • P010 Password Hash Code Check
  • K008 Password Hash Table Display Logging
  • K004 Data Download Logs