Cleartext Password Vulnerability in Oracle 10g Database Server by Oracle
CVE-2004-1366

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
4 August 2004

Summary

The Oracle 10g Database Server contains a vulnerability where the SYSMAN account password is stored in cleartext in the world-readable emoms.properties file. This design flaw could allow local users to access sensitive information, potentially leading to unauthorized DBA privileges and significant compromise of database security. Proper security measures should be implemented to protect sensitive credential storage and ensure that such vulnerabilities are mitigated.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.