Vulnerability Development mailing list archives
[oracle] - passwords in clear text and password protected roles bypass
From: Pete Finnigan <plsql () petefinnigan com>
Date: Sun, 14 Mar 2004 19:18:26 +0000
Hi Everyone, I have just put two short papers on my website, the first discussing clear text password transmissions when changing a users password in the database and the second discussing the same issue with set role {blah} identified by {blah}. The second paper also discusses an issue I found whereby you can bypass the password protection assigned to a role. Both papers describe the issues and also suggest some solutions. The papers are available from: http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm and http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht m Hope you find them useful. kind regards Pete -- Pete Finnigan email:pete () petefinnigan com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Current thread:
- [oracle] - passwords in clear text and password protected roles bypass Pete Finnigan (Mar 14)