Three Tier Oracle Security in London ~ Paul M. Wright

ORACLE SECURITY AND COMPUTER FORENSICS


Archive for May, 2008

11g Security

As soon as 11g came out I tested the ability to brute force it as per the NISR paper I wrote a while back.
http://www.ngssoftware.com/research/papers/oraclepasswords.pdf
(moved to http://www.ngssoftware.com/Libraries/Documents/01_07_Oracle_Passwords_and_OraBrute.sflb.ashx)
Great news: Oracle have fixed the listener so that multiple connections cannot be made in quick succession. The listener in 11g will indeed slow down the speed with [...]

Application Server Vulnerability

http://www.securityfocus.com/archive/1/491865
In short, if an unauthenticated user makes this request:
“http:/site/pls/portal/%0A”
then they will be able to access this URL
“http://site/dav_portal/portal/”
as though they were authenticated.
Interesting bug, I thought.
Also, I came across the website below the other day, which has some interesting material on it regarding Oracle security, such as the 10g password hashing algorithm written using Python [...]

11g vulnerabilities ~ more detail

More details on April 2008 CPU vulnerabilities.
http://www.securityfocus.com/archive/1/491521
http://www.securityfocus.com/archive/1/491522
http://www.securityfocus.com/archive/1/491524
Exploit code may be in the pipeline, so check milw0rm etc. Note that the last two affect 11g as well. The CPU installation has been smoother and more reliable in my experience, so you should seriously think about installing this, especially if your DB needs to restrict privilege to DB [...]