Plaintext Password Vulnerability in Oracle HTML DB Installation
CVE-2005-3203

Currently unrated

Key Information:

Vendor: Oracle
Status: Html Db
Vendor: CVE Published:; 14 October 2005

What is CVE-2005-3203?

The installation process of Oracle HTML DB versions 1.3 through 1.3.6 contains a significant vulnerability where the SYS password is stored in the install.lst file in plaintext. This exposes sensitive credentials that allow local users to gain elevated privileges on the system, posing a risk to overall security. Proper management and secure installation procedures are essential to mitigate such vulnerabilities.

References

http://www.securityfocus.com/bid/15033

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/14935/

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 14, 2005
Vulnerability Reserved
Oct 14, 2005