September 21, 2012

Password cracking vulnerability in Oracle database

A vulnerability in Oracle's database server has been detected, which could allow attackers to easily crack users' passwords. The vulnerability, affecting Oracle Database 11g Releases 1 and 2, lies within a flawed authentication process that could allow attackers to link a particular password hash with a session key, a report from Kaspersky Labs said. According to Esteban Martinez Fayo, a researcher at AppSec, Oracle has fixed the problem in version 12 of the database, but does not plan to patch the issue in the 11.1 version, the report said.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.