SAP HANA Database, version – 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26834
Reference (s):
- https://launchpad.support.sap.com/#/notes/2978768
- URL: https://launchpad.support.sap.com/#/notes/2978768
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
- URL: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079