Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

[oracle] - passwords in clear text and password protected roles bypass

From: Pete Finnigan <plsql () petefinnigan com>
Date: Sun, 14 Mar 2004 19:18:26 +0000
Hi Everyone,

I have just put two short papers on my website, the first discussing
clear text password transmissions when changing a users password in the
database and the second discussing the same issue with set role {blah}
identified by {blah}. The second paper also discusses an issue I found
whereby you can bypass the password protection assigned to a role. Both
papers describe the issues and also suggest some solutions. The papers
are available from:

http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and
http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht
m

Hope you find them useful.

kind regards

Pete
-- 
Pete Finnigan
email:pete () petefinnigan com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Previous By Date Next
Previous By Thread Next

Current thread: