Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2012-3137
Description:The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Test IDs: 1.3.6.1.4.1.25623.1.0.803957  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-3137
BugTraq ID: 55651
http://www.securityfocus.com/bid/55651
http://www.exploit-db.com/exploits/22069
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/
http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html




© 1998-2024 E-Soft Inc. All rights reserved.