Penetration Testing mailing list archives
[oracle] - passwords in clear text and password protected roles bypass
From: Pete Finnigan <plsql () petefinnigan com>
Date: Sun, 14 Mar 2004 19:17:47 +0000
Hi Everyone, I have just put two short papers on my website, the first discussing clear text password transmissions when changing a users password in the database and the second discussing the same issue with set role {blah} identified by {blah}. The second paper also discusses an issue I found whereby you can bypass the password protection assigned to a role. Both papers describe the issues and also suggest some solutions. The papers are available from: http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm and http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht m Hope you find them useful. kind regards Pete -- Pete Finnigan email:pete () petefinnigan com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- [oracle] - passwords in clear text and password protected roles bypass Pete Finnigan (Mar 15)