Back to search
CVE-2004-1367
Published: Jan 19, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20041223 Oracle clear text passwords (#NISR2122004D)
mailing-list
x_refsource_BUGTRAQ
VU#316206
third-party-advisory
x_refsource_CERT-VN
TA04-245A
third-party-advisory
x_refsource_CERT
http://www.ngssoftware.com/advisories/oracle23122004D.txt
x_refsource_MISC
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
x_refsource_CONFIRM
101782
vendor-advisory
x_refsource_SUNALERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now