Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: [oracle] - passwords in clear text and password protected roles bypass

[oracle] - passwords in clear text and password protected roles bypass

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Sun, 14 Mar 2004 19:18:26 +0000

Hi Everyone,

I have just put two short papers on my website, the first discussing
clear text password transmissions when changing a users password in the
database and the second discussing the same issue with set role {blah}
identified by {blah}. The second paper also discusses an issue I found
whereby you can bypass the password protection assigned to a role. Both
papers describe the issues and also suggest some solutions. The papers
are available from:

http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and
http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.ht
m

Hope you find them useful.

kind regards

Pete 

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Mar 15 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos