Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)


Application Server Vulnerability

http://www.securityfocus.com/archive/1/491865

In short, if an unauthenticated user makes this request:
“http://site/pls/portal/%0A”
then they will be able to access this URL:
“http://site/dav_portal/portal/”
as though they were authenticated.

Interesting bug, I thought.
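
One way to look for this request sequence in web server access logs, as an added example that is not from the original post or the advisory. It assumes Apache-style common/combined log lines, a 30-minute correlation window, and that an unauthenticated request logs `-` as the user; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache common/combined log format (assumed layout for the front-end web server).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# The request from the post: a path under /pls/portal/ carrying an encoded newline.
TRIGGER_RE = re.compile(r'^/pls/portal/.*%0a', re.IGNORECASE)
DAV_PREFIX = "/dav_portal/portal/"
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample lines (documentation IP ranges, made-up statuses and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /pls/portal/%0A HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /dav_portal/portal/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /dav_portal/portal/ HTTP/1.1" 401 128',
    '198.51.100.8 - jsmith [01/Jan/2024:10:02:00 +0000] "PROPFIND /dav_portal/portal/docs HTTP/1.1" 207 900',
    '203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /pls/portal/%0a HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Jan/2024:10:03:02 +0000] "GET /dav_portal/portal/ HTTP/1.1" 401 128',
]

def find_bypass_sequences(lines, window=WINDOW):
    """Flag clients that sent the %0A request and then received a 2xx from
    /dav_portal/portal/ with no authenticated user logged."""
    last_trigger = {}  # client ip -> (timestamp, path) of its latest trigger request
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"]
        if TRIGGER_RE.search(path):
            last_trigger[ip] = (ts, path)
            continue
        if not path.lower().startswith(DAV_PREFIX):
            continue
        hit = last_trigger.get(ip)
        if (hit and m["user"] == "-" and 200 <= int(m["status"]) < 300
                and timedelta(0) <= ts - hit[0] <= window):
            findings.append({"ip": ip, "trigger": hit[1], "dav_path": path,
                             "method": m["method"], "time": ts.isoformat()})
    return findings

if __name__ == "__main__":
    for finding in find_bypass_sequences(SAMPLE_LOG):
        print(finding)
```

A client that sends the trigger but still gets a 401 from the DAV path (the last two sample lines) is not flagged, which is the behaviour expected from a server that is not affected.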

Also, I came across the web site below the other day, which has some interesting material on Oracle security, such as the 10g password hashing algorithm written in Python: http://www.thesprawl.org/infocalypse/index.php?title=Oracle_Authentication#Oracle_7-11_Password_Hashing_Algorithm

For your reference, here is the Oracle 11g hashing algorithm implemented in Python:
http://blog.red-database-security.com/2007/09/21/oracle-password-algorithm-11g-poc-code/
