Authentication Bypass Vulnerability in Oracle Database Core RDBMS
CVE-2008-2625

Currently unrated

Key Information:

Vendor: Oracle
Status: Database 9i; Database 10g
Vendor: CVE Published:; 14 October 2008

What is CVE-2008-2625?

An unspecified vulnerability in the Core RDBMS component of Oracle Database allows remote attackers to compromise the confidentiality and integrity of the database. The issue is thought to involve an authentication bypass mechanism during proxy authentication mode, where attackers can impersonate a user session via a specially crafted authentication message over TNS. This vulnerability affects multiple versions of the Oracle Database, raising concerns for organizations relying on these systems for data management and security.

References

http://www.securityfocus.com/archive/1/497539/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.oracle.com/technetwork/topics/security/cpuoct2...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/45880

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 14, 2008
Vulnerability Reserved
Jun 9, 2008