Test ID:	1.3.6.1.4.1.25623.1.0.803957
Category:	Databases
Title:	Oracle Database Server Authentication Protocol Security Bypass Vulnerability
Summary:	Oracle Database Server is prone to a security bypass vulnerability.
Description:	Summary: Oracle Database Server is prone to a security bypass vulnerability. Vulnerability Insight: Flaw is due to an error occurs in the authentication protocol. A flaw exists in authentication protocol, which allows arbitrary users to obtain session key and salt. Vulnerability Impact: Successful exploitation will allow attackers to bypass the authentication process, gain unauthorized access to the database and obtain sensitive information. Affected Software/OS: Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 Solution: Apply the updates from the referenced advisories. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3137 BugTraq ID: 55651 http://www.securityfocus.com/bid/55651 http://www.exploit-db.com/exploits/22069 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/ http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.