The Hidden Dangers of Outdated SNC Encryption in SAP Systems: Why It's Time for an Upgrade

The Illusion of Security

In the complex world of SAP communications, security often feels like a moving target. Companies invest in single sign-on (SSO) solutions for SAP GUI and then relax, assuming their data is safe. But this false sense of security can be dangerous, especially when outdated encryption libraries are still in use.

Many organizations still rely on older SNC libraries and communication protocols that are vulnerable to attacks

Let’s delve into the underappreciated vulnerabilities of using old SNC encryption based on the obsolete RFC-1964 Kerberos 5 or the GSS-API v2 NTLM wrapper from SAP for Microsoft's SSPI.

The Legacy of Secure Network Communications (SNC)

Secure Network Communications (SNC) was integrated into SAP components as early as 1997, with the aim to protect data communication paths using protocols like RFC or DIAG. SNC itself doesn't provide security mechanisms but offers an interface for external security products through the Generic Security Services Application Programming Interface Version 2 (GSS-API V2).

The SAP CommonCryptoLib: A Modern Solution

Today, SAP’s CommonCryptoLib is the go-to for various cryptographic functions needed across different SAP applications and components, including TLS, SAML, SSF, SPNEGO, and SNC. It supports:

• SNC Kerberos and X.509 concurrently (aka hybrid-mode)
• Client-to-server SNC with X.509 certificates
• Server-to-server SNC with X.509 certificates
• Both encryption without SSO and with Single Sign-On

The Problem with Outdated SNC Libraries

Many organizations still rely on the free SNC libraries mentioned in SAP Note 352295. However, with the parameter snc/gssapi_lib according to the Highlander principle "There can be only one" only one library can be used at a time (at the backend), often sidelining the robust (default) SAP CommonCryptoLib in favor of these older alternatives just for the purpose of insecure SAP GUI SSO.

Using outdated libraries restricts SNC functionality. For example, it hampers the ability to maintain a secure SNC Personal Security Environment (PSE) in STRUST and establish a secure and SNC-protected server-to-server interface communication.

This limitation affects both Kerberos and X.509-based SNC, crucial for parallel operations and comprehensive security. With outdated SNC libraries, only basic client-to-server encryption and SSO is possible, often based on far outdated Kerberos service accounts and RC4 encryption.

Relevant Articles

Before diving into the topic, you might find these related articles helpful:

• Navigating SAP SSO: Choosing Between SAP Single Sign-On 3.0 and SAP Secure Login Service for SAP GUI
• The Ultimate Showdown: SAML 2.0 vs OpenID Connect in SAP Web Applications
• Understanding SAP SNC Kerberos Authentication
• Understanding Mutual Authentication: Comparing mTLS and SAP SNC
• Navigating the overall hybrid SAP landscape with SAP Cloud Identity Services
• Enhancing SAP Environments Security: A Deep Dive into SAP SSO and SNC

The Need for Regular Security Patching

In the world of SSL/TLS, regular patching and updates are standard practice to mitigate risks like downgrade attacks or vulnerabilities like the Heartbleed bug, POODLE, BEAST, DROWN, or FREAK.

SNC, using GSS-API, encrypts data at the NI protocol level, unlike TLS, which operates at the transport layer of the TCP/IP stack. Despite this, SNC is often neglected in terms of ongoing security hygiene

Misconceptions About SNC

For many, SNC is just an add-on for the SAP GUI, with a little lock icon providing a false sense of security. This misconception leads to complacency, ignoring the critical role of SNC in ensuring authenticity, integrity, and confidentiality across SAP systems. Most of the outdated libraries only support Kerberos or NTLM, lacking the hybrid mode available with the SAP CommonCryptoLib.

Vulnerabilities in Cryptographic Libraries

Both SAP CommonCryptoLib and other cryptographic libraries are susceptible to various attacks, including memory leaks, downgrade attacks, XML signature validation issues, and padding attacks. Outdated libraries are particularly vulnerable to exploits targeting these weaknesses.

Hardening the SAP CommonCryptoLib: A Critical Security Measure

Most organizations are unaware of the SNC protocols 1993, 2010_1_0, and 2010_1_1. While the 1993 protocol is outdated and should no longer be used, newer protocols offer better security. The implementation of these protocols varies, affecting key exchange methods and ciphersuites negotiation, all of which are crucial for secure communication.

The deployment of an up-to-date and hardened SAP CommonCryptoLib is crucial for the security of SAP products

As the core cryptographic library used across various SAP applications, it must be regularly updated to close potential security gaps. Failing to do so leaves systems vulnerable to exploits, as demonstrated by recent vulnerabilities identified in versions prior to 8.5.50.

CVE-2023-40308: Memory Corruption Vulnerability: One such vulnerability, with a CVSS score of 7.5, pertains to a memory corruption issue within the CommonCryptoLib. This vulnerability could potentially allow attackers to execute arbitrary code or cause a denial of service, impacting the availability and integrity of SAP systems.        

CVE-2023-40309: Missing Authorization Check: Another critical vulnerability, scored at 9.8 on the CVSS scale, involves a missing authorization check. This flaw could enable unauthorized users to escalate privileges, read, modify, or delete sensitive data, severely compromising the confidentiality and security of the system.        

Essential Steps for Hardening CommonCryptoLib

To mitigate these risks, it is imperative to adopt a comprehensive strategy that includes the following measures:

• Conduct a thorough audit: of all communication protocols used within their SAP environment. Identify and document any instances of insecure protocols.
• Plan and execute: The migration to secure communication protocols such as the latest versions of SNC with CommonCryptoLib.
• Kernel and CommonCryptoLib Maintenance: Ensure that both the SAP kernel and the CommonCryptoLib are kept up-to-date with the latest patches. This practice is fundamental in protecting against newly discovered vulnerabilities.
• Protocol Versions and Cipher Suites: Implement stringent CCL hardening by utilizing secure protocol versions and robust cipher suites. This reduces the attack surface and enhances the overall security posture.
• Client-to-Server and Server-to-Server Encryption: Establish robust encryption mechanisms for both client-to-server and server-to-server communications. This ensures data protection and authenticity across all communication channels.
• Rejecting Unencrypted Communication: Enforce policies that deny any unencrypted communication (where possible), thereby safeguarding sensitive information from potential interception.
• Regular Architecture Reviews and Penetration Testing: Conduct frequent security architecture reviews and penetration tests to identify and remediate potential vulnerabilities proactively.

• Train IT staff: on the importance of secure communication and the specific requirements and implement and enforce strict policies to prevent the use of insecure protocols.

Conclusion: Embrace Modern Security Practices

In conclusion, the importance of using a thoroughly hardened and current version of CommonCryptoLib cannot be overstated. Regular updates and a proactive security approach are essential to defend against exploits that could otherwise compromise SAP systems.

By implementing these best practices, organizations can significantly enhance their security posture and protect critical data from emerging threats. For more detailed guidelines and updates, refer to the latest SAP Notes and security advisories.

Sources for Further Reading:

• SAP Note 352295
• SAP Note 510007
• SAP Note 2338952
• BSI Grundschutz-Kompendium APP.4.2.A18

By adhering to the BSI guideline, these organizations can significantly enhance their security posture. Specifically, implementing secure SNC libraries like the CommonCryptoLib and disabling outdated protocols can protect sensitive SAP data from interception and unauthorized access.

By addressing these vulnerabilities proactively, companies can ensure their SAP systems are secure and not just seemingly so.

Attacks on SNC are not a distant threat - they are already here. Relying on poorly configured or outdated SNC libraries (and this applies equally to TLS) only exemplifies the flawed principle of "Security-by-Obscurity." This approach provides a misleading sense of security and ultimately undermines true cybersecurity awareness. It's time to face the facts: robust security requires proactive measures, continuous updates, and a commitment to using modern, well-maintained cryptographic solutions. Don't let outdated libraries be the weak link in your SAP infrastructure. Embrace comprehensive, up-to-date security practices to protect your data and maintain trust.

Organizations must move away from using over 20-year-old SNC libraries. Even with the latest SAP CommonCryptoLib and SAP SSO components, continuous security hygiene is essential.

Carsten Olt

Head of SAP IAM, Xiting