Local Users Access Sensitive Information in Oracle JDeveloper
CVE-2005-2291

Currently unrated

Key Information:

Vendor: Oracle
Status: Jdeveloper
Vendor: CVE Published:; 18 July 2005

What is CVE-2005-2291?

Oracle JDeveloper versions 9.0.4, 9.0.5, and 10.1.2 expose sensitive user passwords in plaintext when starting the sqlplus tool. This security flaw enables local users to access potentially confidential information by intercepting command-line arguments, resulting in possible unauthorized access or misuse of sensitive data.

References

http://marc.info/?l=bugtraq&m=112129082323341&w=2

mailing-listx_refsource_BUGTRAQ

http://www.red-database-security.com/advisory/oracle_jdev...

x_refsource_MISC

Timeline

Vulnerability published
Jul 18, 2005
Vulnerability Reserved
Jul 17, 2005