Bugtraq mailing list archives
Oracle Hyperion password disclosure...
From: Jeff Kayser <jeff.kayser () jibeconsulting com>
Date: Fri, 4 Sep 2015 17:14:39 +0000
Hi, all. Oracle Hyperion Rapid Deployment installer leaves plaintext passwords in config files and logfiles. Oracle has known about this for 2 years, and has decided not to patch any of the product versions prior to the latest version. I have additional details if anyone is interested. Jeff Kayser Jibe Consulting | Managing Principal Consultant 5000 Meadows Rd. Suite 300 Lake Oswego, OR 97035 O: 503-517-3266 | C: 503.901.5021 jeff.kayser () jibeconsulting com [cid:image009.jpg@01D00437.3D3091D0]<http://www.jibeconsulting.com/> [cid:image010.jpg@01D00437.3D3091D0] <http://www.linkedin.com/company/jibe-consulting> [cid:image011.jpg@01D00437.3D3091D0] <http://www.facebook.com/JibeConsulting> [cid:image012.jpg@01D00437.3D3091D0] <http://twitter.com/#!/JibeConsulting> [cid:image013.jpg@01D00437.3D3091D0] Disclaimer: This electronic message may contain information that is Confidential or legally privileged. It is intended only for the use of the individual(s) and entity named in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from your computer. Do not deliver, distribute or copy this message and do not disclose its contents or take any action in reliance on the information it contains.
Attachment:
Hyperion Essbase Rapid Deploy.docx
Description: Hyperion Essbase Rapid Deploy.docx
Current thread:
- Oracle Hyperion password disclosure... Jeff Kayser (Sep 04)
- <Possible follow-ups>
- Re: Oracle Hyperion password disclosure... jeff . kayser (Sep 09)