Password Vulnerability in Oracle Database Server
CVE-2004-1367
Currently unrated
Key Information:
- Vendor
- Oracle
- Vendor
- CVE Published:
- 4 August 2004
Summary
A vulnerability exists in Oracle 10g Database Server that occurs when installed with a password containing an exclamation point ('!') for the DBSNMP or SYSMAN user. This configuration leads to the generation of an error that logs the password in a world-readable postDBCreation.log file. As a result, local users may gain unauthorized access to this sensitive information, potentially leveraging it to access SYS or SYSTEM accounts, which may also use the same password.
References
Timeline
Vulnerability Reserved
Vulnerability published