SecurityTracker.com
Category:   Application (Generic)  >   Oracle Primavera Products Suite
Vendors:   Oracle
(Oracle Issues Fix for Oracle Primavera Products Suite) Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users
SecurityTracker Alert ID:  1036380
SecurityTracker URL:  http://securitytracker.com/id/1036380
CVE Reference:   CVE-2012-3137
Date:  Jul 19 2016
Impact:   Disclosure of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Oracle Database. A remote user can determine user password hashes. Oracle Primavera Products Suite is affected.

A remote user can send a few specially crafted network packets to obtain information about the session key and cryptographic salt for a target user. The information can be used to determine the cryptographic password hash.

The attack can be conducted without the database recording failed login attempts.

Esteban Martinez Fayo, AppSec Inc., reported this vulnerability.

Impact:   A remote user can obtain session key and cryptographic salt information to determine a target user's password.
Solution:   Oracle has issued a fix for CVE-2012-3137 for Oracle Primavera Products Suite.

The Oracle advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Cause:   Access control error, State error

Message History:   This archive entry is a follow-up to the message listed below.
Sep 24 2012 Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users


