← Voltar para CVEs
CVE-2012-3137
N/ADescricao
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado9/21/2012
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
oracle:database_serveroracle:primavera_p6_enterprise_project_portfolio_management
Fraquezas (CWE)
CWE-287
Referencias
http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/(secalert_us@oracle.com)
http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular(secalert_us@oracle.com)
http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html(secalert_us@oracle.com)
http://www.exploit-db.com/exploits/22069(secalert_us@oracle.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150(secalert_us@oracle.com)
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html(secalert_us@oracle.com)
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html(secalert_us@oracle.com)
http://www.securityfocus.com/bid/55651(secalert_us@oracle.com)
http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular(af854a3a-2127-422b-91ae-364da2661108)
http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/22069(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/55651(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.