A vulnerability in Oracle's database server has been detected, which could allow attackers to easily crack users' passwords. The vulnerability, affecting Oracle Database 11g Releases 1 and 2, lies within a flawed authentication process that could allow attackers to link a particular password hash with a session key, a report from Kaspersky Labs said. According to Esteban Martinez Fayo, a researcher at AppSec, Oracle has fixed the problem in version 12 of the database, but does not plan to patch the issue in the 11.1 version, the report said.