Oracle Database Authentication Protocol Vulnerability

Last Update Date: 25 Sep 2012 11:56 Release Date: 25 Sep 2012 4132 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Database Servers

TYPE: Database Servers

A vulnerability was identiified in Oracle Database. A remote user can determine user password hashes.

A remote user can send a few specially crafted network packets to obtain information about the session key and cryptographic salt for a target user. The information can be used to determine the cryptographic password hash.

The attack can be conducted without the database recording failed login attempts.

Impact

  • Information Disclosure

System / Technologies affected

  • Oracle Database 11g Releases 1 and 2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vulnerability is reportedly fixed version 12 of the authentication protocol. Administrators must configure the system to use only version 12 of the protocol.
  • No solution was available for version 11.1 of the authentication protocol at the time of this entry.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Internet Explorer Multiple Vulnerabilities

18 Sep 2012 4466 Views

Next

Microsoft Internet Explorer 10 Multipule Vulnerabilities

25 Sep 2012 3991 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY