The document discusses security issues in banking software systems. It describes how the banking software works: a web server, an application server, a database, and an operator environment. It then details vulnerabilities, including that all operators can connect directly to the database using a single 'dbo_admin' account with full access, and that the password for this account is encrypted but stored in a file that can be decrypted, exposing the password. It closes by noting that this is a possible attack vector that could allow malware to access the database and cause damage.
21. Questions?
Digital Security in Moscow: +7 (495) 223-07-86
Digital Security in Saint Petersburg: +7 (812) 703-15-47
www.dsec.ru
www.erpscan.com
info@dsec.ru