Brute-force attack on Oracle passwords feasible
Source: H Security - Posted by Dave Wreski   
A security researcher has provided details on vulnerabilities in the authentication protocol of Oracle's database that he originally discovered in 2010. The researcher, Esteban Martinez Fayó from security specialist AppSec, presented his findings and the methods by which they can be exploited at the ekoparty Security Conference, which is currently taking place in Buenos Aires. Although Oracle closed the hole with the 11.2.0.3 patch set, which introduced the new version 12 of the protocol in mid-2011, Fayó said that there has been no fix for versions 11.1 and 11.2 of the database because the update was never included in any of Oracle's regular "critical patch updates". The researcher explained that unless administrators activate the new protocol manually, the database will continue to use the vulnerable version 11.2 protocol.

Read this full article at H Security
