The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2012-09-21T23:00:00
Updated: 2024-08-06T19:57:50.340Z
Reserved: 2012-06-06T00:00:00
Link: CVE-2012-3137
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-09-21T23:55:01.230
Modified: 2024-11-21T01:40:16.687
Link: CVE-2012-3137
Redhat