Breach, Data Security, Network Security, Vulnerability Management

Password cracking vulnerability in Oracle database

A vulnerability in Oracle's database server has been detected, which could allow attackers to easily crack users' passwords. The vulnerability, affecting Oracle Database 11g Releases 1 and 2, lies within a flawed authentication process that could allow attackers to link a particular password hash with a session key, a report from Kaspersky Labs said. According to Esteban Martinez Fayo, a researcher at AppSec, Oracle has fixed the problem in version 12 of the database, but does not plan to patch the issue in the 11.1 version, the report said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.