Vahagn Vardanyan

Researched TeamViewer's software password manager in 2018 and discovered that TeamViewer saved passwords without encrypting them, meaning that any low-privileged user could use memory to extract passwords.

Conducted research on TeamViewer software remote login functionality in 2018 and found a vulnerability that puts PINs for the remote machine at risk and would allow someone from outside the company to log in to the remote machine.

Discovered three vulnerabilities in SAP NetWeaver by performing cybersecurity research in 2016. If someone were to use all three vulnerabilities simultaneously, they could get full access to the SAP Netweaver system.

Using these vulnerabilities, they wouldn't require authorization to discover user logins, get login password hashes, decrypt all user passwords, and log in to the SAP admin console.

Performed cybersecurity research on Windows 10 systems in 2018 and discovered a vulnerability with the default ZIP functionality. Microsoft added a new feature for encrypted ZIP files, which was implemented to make the system more user-friendly.

After the feature was released, the system would save the file password to its memory once a user opened an encrypted ZIP file. When the user tried to open the ZIP file again, Windows would take the file path, search the memory, and use the stored password. I discovered that it was possible to see the encrypted ZIP file's password by hooking SHUnicodeToAnsi from shlwapi.dll.

Carried out cybersecurity research between 2016 and 2020 and analyzed the security of Oracle's software, which led to identifying multiple critical vulnerabilities and finding numerous security issues.

With a CVSS rating of 9.9, the vulnerability fixed in SAP Security Note #3242933 affects SAP Manufacturing Execution and is considered significant.

The URL used to inquire about this data included a file path argument that could be modified to provide unrestricted directory browsing on the remote server. The operating system user running the NetWeaver process or service could access the files in each directory, and the code fix in the patch takes care of the route internally. This prevents the value from being sent in dynamically as a query string. With a CVSS score of 9.9, the effect on confidentiality, integrity, and availability may be substantial depending on the information accessed during an attack.

SAP suggests a temporary fix in which sensitive data is removed from the file systems available to the operating system user, and the operating system user's access to unnecessary file paths is restricted.

Introducing our groundbreaking AI-powered password testing module for ABAP stack, a cutting-edge solution designed to revolutionize password security. This advanced module utilizes artificial intelligence and machine learning algorithms to analyze and evaluate password strength with unprecedented accuracy. With an extensive database of over 20 million passwords, including leaked credentials, our module employs intelligent brute force techniques to identify weak and easily guessable passwords.