The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2012-09-21T23:00:00

Updated: 2024-08-06T19:57:50.340Z

Reserved: 2012-06-06T00:00:00

Link: CVE-2012-3137

Vulnrichment

No data.

NVD

Status: Modified

Published: 2012-09-21T23:55:01.230

Modified: 2016-11-28T19:08:13.263

Link: CVE-2012-3137

Redhat

Severity: Important

Public Date: 2012-09-21T00:00:00Z

Links: CVE-2012-3137 - Bugzilla