QwikSec

Security Database

CVE

CWE

Training

CVE-2012-3137

Published: Sep 21, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html

x_refsource_MISC

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular

x_refsource_MISC

http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/

x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_MANDRIVA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.