A vulnerability in Oracle's database server has been detected, which could allow attackers to easily crack users' passwords. The vulnerability, affecting Oracle Database 11g Releases 1 and 2, lies within a flawed authentication process that could allow attackers to link a particular password hash with a session key, a report from Kaspersky Labs said. According to Esteban Martinez Fayo, a researcher at AppSec, Oracle has fixed the problem in version 12 of the database, but does not plan to patch the issue in the 11.1 version, the report said.
Breach, Data security, Network security, Vulnerability management
Password cracking vulnerability in Oracle database
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news