QwikSec

Security Database

CVE

CWE

Training

CVE-2007-6260

Published: Dec 6, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.davidlitchfield.com/blog/archives/00000030.htm

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_BID

20071113 Oracle 11g/10g Installation Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.