Back in 2013, an expiring Java certificate in SAP BusinessObjects software created a mini-crisis, one that SAP Mentor Alumnus Greg Myers dubbed as WebiJavaGeddon. SAP provided ample warning “seven ways to Sunday” (according to Greg) and patches (see SAP KB 1899825). SAP customers and partners provided the wit on social media (remember Twitter).
In 2019, Google shipped Chrome 75 and unleashed Chromageddon. Unlike WebiJavaGeddon, which was limited to SAP BusinessObjects users, Chromageddon was a big issue for all Chrome users. Both Google and SAP responded with patches.
April 14, 2026, was Patch Tuesday for the software industry. While SAP announced 19 new vulnerabilities (including three related to SAP BusinessObjects) there was no advanced warning what was coming from Redmond, Washington. Microsoft chose this month to introduce Kerberos RC4 hardening into Windows Server. One of InfoSol’s customers was unaware until the weekend scheduled Windows OS reboot when the patches became effective on their BusinessObjects environments.
Let’s call this week’s crisis Ron Rivest’s Reckoning or WebiJavaGeddon III: The Kerbocalypse. RC4 is an old encryption method invented by Ron that scrambles information using a shared secret key. It has its own Wikipedia page and I’m surprised nobody has updated it in light of Microsoft’s recent actions. It was one of the encryption methods that SAP encouraged to configure Single-Sign On (SSO) for SAP BusinessObjects.
If you think your organization is experiencing The Kerbocalypse, check out the article RC4: Ron Rivest’s Reckoning on InfoSol’s Speak BO website. Registration is free.
Share your organization’s experience with WebiJavaGeddon III: The Kerbocalypse in the comments below.
