Password Vulnerability in Oracle Database Server
CVE-2004-1367

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
4 August 2004

Summary

A vulnerability exists in Oracle 10g Database Server that occurs when installed with a password containing an exclamation point ('!') for the DBSNMP or SYSMAN user. This configuration leads to the generation of an error that logs the password in a world-readable postDBCreation.log file. As a result, local users may gain unauthorized access to this sensitive information, potentially leveraging it to access SYS or SYSTEM accounts, which may also use the same password.

References

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.