Oracle Database Password Information Disclosure Vulnerability
30 October 2012
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 18.104.22.168, 22.214.171.124, and 126.96.36.199 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.
Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs. Before that, he was mostly known for his work with OWASP and the development of ModSecurity.