CVE-2012-3137
CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Produtos afetados
n/a · n/aPoCs públicas encontradas — 4
githubgithub.com/r1-/cve-2012-3137★ 4githubgithub.com/hantwister/o5logon-fetch★ 3cve_referencewww.exploit-db.com/exploits/22069não verificadoexploitdbwww.exploit-db.com/exploits/22069não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popularhttp://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.htmlhttp://www.exploit-db.com/exploits/22069http://www.mandriva.com/security/advisories?name=MDVSA-2013:150http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlhttp://www.securityfocus.com/bid/55651