Password Vulnerability in Oracle Database Server
CVE-2004-1367

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle8i; Oracle9i; Collaboration Suite
Vendor: CVE Published:; 4 August 2004

Summary

A vulnerability exists in Oracle 10g Database Server that occurs when installed with a password containing an exclamation point ('!') for the DBSNMP or SYSMAN user. This configuration leads to the generation of an error that logs the password in a world-readable postDBCreation.log file. As a result, local users may gain unauthorized access to this sensitive information, potentially leveraging it to access SYS or SYSTEM accounts, which may also use the same password.

References

http://marc.info/?l=bugtraq&m=110382247308064&w=2

mailing-listx_refsource_BUGTRAQ

http://www.kb.cert.org/vuls/id/316206

third-party-advisoryx_refsource_CERT-VN

http://www.us-cert.gov/cas/techalerts/TA04-245A.html

third-party-advisoryx_refsource_CERT

Timeline

Vulnerability Reserved
Jan 7, 2005
Vulnerability published
Aug 4, 2004