The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote malicious users to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Vulnerable Product |
---|
Oracle Database Server 10.2.0.3 |
Oracle Database Server 10.2.0.4 |
Oracle Database Server 10.2.0.5 |
Oracle Database Server 11.1.0.7 |
Oracle Database Server 11.2.0.2 |
Oracle Database Server 11.2.0.3 |
Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 |
Oracle Primavera P6 Enterprise Project Portfolio Management 8.2 |
Oracle Primavera P6 Enterprise Project Portfolio Management 8.3 |