lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 4 Jan 2007 18:43:03 -0000
From: "Mark Litchfield" <>
To: <>
Subject: SAP Security Contact

I do not like to bother this mailing list with such requests, but as you 
will see from below (SAP's response), I feel this is a last resort.  I have 
also phoned SAP leaving a voice mail but with no success.

So if anyone can assist with a contact email address at SAP, ideally an 
individual, this would be greatly appreciated.

Thanks in advance for any help.



From: SAP []
Sent: Thu 1/4/2007 3:16 PM
To: Mark Litchfield
Subject: Re: General Enquiry (KMM3303039I24953L0KM)


 Thank you for your interest in SAP. You will need to send your request 
directly to our headquarters location in writing.

 Here is the headquarters address.

 SAP Americas
 3999 West Chester Pike
Newtown Square,  Pa   19073

Original Message Follows: ------------------------
InfoRequest - General Enquiry

 Your Message
I am contacting SAP about:
General inquiry
Dear Sir / Madam,

I am conducting vulnerabvility research into SAP and the various components 
that make up SAP. So far my research has found 8 security vulnerabilities, 
some of which allow an attcker to execute code remotely on the SAP server as 
SYSTEM without the need for authentication.

I am looking for if possible, a security contact within SAP that I may share 
my findings with so the necessary code fixes can be put in place to prevent 
these issues.

Any assistance you could offer would be greatly appreciated.

Best Regards

Mark Litchfield

Powered by blists - more mailing lists