Application Server Vulnerability

Paul Wright May 11th, 2008

http://www.securityfocus.com/archive/1/491865

In short, if an unauthenticated user makes this request:
“http://site/pls/portal/%0A”
then they will be able to access this URL:
“http://site/dav_portal/portal/”
as though they were authenticated.

Interesting bug, I thought.
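A log check for the request sequence described above, as an added example (not from the original post or the linked advisory). It assumes Common Log Format access logs in time order, that the encoded newline is logged as `%0A`, and that correlating by client IP within a 15-minute window is adequate; the function name, window and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [11/May/2008:10:00:01 +0000] "GET /pls/portal/%0A HTTP/1.1" 200 512
192.0.2.10 - - [11/May/2008:10:00:05 +0000] "GET /dav_portal/portal/ HTTP/1.1" 200 2048
198.51.100.7 - alice [11/May/2008:10:01:00 +0000] "GET /dav_portal/portal/ HTTP/1.1" 200 2048
203.0.113.5 - - [11/May/2008:10:02:00 +0000] "GET /pls/portal/%0a HTTP/1.1" 200 512
203.0.113.5 - - [11/May/2008:11:30:00 +0000] "GET /dav_portal/portal/docs HTTP/1.1" 401 128
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A /pls/portal/ path carrying an encoded newline, in either hex case.
TRIGGER_RE = re.compile(r'^/pls/portal/.*%0a', re.IGNORECASE)
DAV_PREFIX = "/dav_portal/portal/"

def find_suspect_sequences(log_text, window=timedelta(minutes=15)):
    """Return (ip, trigger_time, dav_path) for each DAV request that follows
    a newline-bearing /pls/portal/ request from the same client within window,
    was served without a logged user, and was not rejected (status < 400)."""
    last_trigger = {}  # client ip -> time of most recent trigger request
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"]
        if TRIGGER_RE.match(path):
            last_trigger[ip] = ts
        elif path.startswith(DAV_PREFIX) and ip in last_trigger:
            unauthenticated = m["user"] == "-"
            allowed = int(m["status"]) < 400
            if unauthenticated and allowed and ts - last_trigger[ip] <= window:
                hits.append((ip, last_trigger[ip].isoformat(), path))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_sequences(SAMPLE_LOG):
        print("suspect:", *hit)
```

Clients behind a shared proxy can produce false matches under the per-IP assumption, so treat a hit as a lead to review rather than a confirmed bypass.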

Also, I came across the web site below the other day, which has some interesting material on it regarding Oracle security, such as the 10g password hashing algorithm written in Python: http://www.thesprawl.org/infocalypse/index.php?title=Oracle_Authentication#Oracle_7-11_Password_Hashing_Algorithm

For your reference, the Oracle 11g hashing algorithm implemented using Python:
http://blog.red-database-security.com/2007/09/21/oracle-password-algorithm-11g-poc-code/
