[oracle] - passwords in clear text and password protected roles bypass

[Pete Finnigan <plsql () petefinnigan com>]

Hi Everyone,

I have just put two short papers on my website, the first discussing
clear text password transmissions when changing a users password in the
database and the second discussing the same issue with set role {blah}
identified by {blah}. The second paper also discusses an issue I found
whereby you can bypass the password protection assigned to a role. Both
papers describe the issues and also suggest some solutions. The papers
are available from:

http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and
http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht
m

Hope you find them useful.

kind regards

Pete
-- 
Pete Finnigan
email:pete () petefinnigan com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------