Cleartext Password Vulnerability in Oracle 10g Database Server by Oracle
CVE-2004-1366

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle8i; Oracle9i; Collaboration Suite
Vendor: CVE Published:; 4 August 2004

Summary

The Oracle 10g Database Server contains a vulnerability where the SYSMAN account password is stored in cleartext in the world-readable emoms.properties file. This design flaw could allow local users to access sensitive information, potentially leading to unauthorized DBA privileges and significant compromise of database security. Proper security measures should be implemented to protect sensitive credential storage and ensure that such vulnerabilities are mitigated.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18661

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/385323

mailing-listx_refsource_BUGTRAQ

http://www.kb.cert.org/vuls/id/316206

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability Reserved
Jan 7, 2005
Vulnerability published
Aug 4, 2004