CVE-2012-3137

Published: 21/09/2012 Updated: 28/11/2016
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 676
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote malicious users to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

Vulnerable Products

oracle database server 10.2.0.3

oracle database server 10.2.0.4

oracle database server 10.2.0.5

oracle database server 11.1.0.7

oracle database server 11.2.0.2

oracle database server 11.2.0.3

oracle primavera p6 enterprise project portfolio management 8.4

oracle primavera p6 enterprise project portfolio management 8.2

oracle primavera p6 enterprise project portfolio management 8.3

Exploits

source: www.securityfocus.com/bid/55651/info. Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. This vulnerability affects Oracle Database 11g Release 1 and 11g R ...

Nmap Scripts

oracle-brute-stealth

Exploits the CVE-2012-3137 vulnerability, a weakness in Oracle's O5LOGON authentication scheme. The vulnerability exists in Oracle 11g R1/R2 and allows linking the session key to a password hash. When initiating an authentication attempt as a valid user, the server will respond with a session key and salt. Once these are received, the script disconnects, so the login attempt is not recorded. The session key and salt can then be used to brute-force the user's password offline.

nmap --script oracle-brute-stealth -p 1521 --script-args oracle-brute-stealth.sid=ORCL <host>

PORT     STATE SERVICE REASON
1521/tcp open  oracle  syn-ack
| oracle-brute-stealth:
|   Accounts
|     dummy:$o5logon$1245C95384E15E7F0C893FCD1893D8E19078170867E892CE86DF90880E09FAD3B4832CBCFDAC1A821D2EA8E3D2209DB6*4202433F49DE9AE72AE2 - Hashed valid or invalid credentials
|     nmap:$o5logon$D1B28967547DBA3917D7B129E339F96156C8E2FE5593D42540992118B3475214CA0F6580FD04C2625022054229CAAA8D*7BCF2ACF08F15F75B579 - Hashed valid or invalid credentials
|   Statistics
|_    Performed 2 guesses in 1 seconds, average tps: 2

Github Repositories

Attempts to exploit CVE-2012-3137 on vulnerable Oracle servers

o5logon-fetch: A small Java program that attempts to exploit CVE-2012-3137 on vulnerable Oracle 11 servers. By exploiting this vulnerability, you can run offline brute force attacks until you discover a given user's password, without any apparent audit trail. Vulnerability Details: A good writeup on the vulnerability, including ways to protect yourself from it, are availabl

ODAT: Oracle Database Attacking Tool

Quentin HARDY (quentinhardy@protonmail.com, quentinhardy@bt.com). ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database. You have a vali