I see that David Litchfield has posted a note on freelists titled "Re: Sniffing Oracle authentications" that describes the Oracle authentication mechanism and the fact that if you know the Oracle password hash then its possible to sniff the session key and wait for the encrypted password to be sent to the server. This means that even 30 character passwords using the complete keyspace are vulnerable to attack. David includes a C program to demonstrate this.
This is a detailed discussion by David of the issue that was first covered by Ian Redfern in a paper titled "Oracle Protocol" that was up on the Logica site for a while before being pulled but the web archive has a copy. The example Perl program linked in this paper was there on the web archive for quite some time but this has now gone as well. The Perl program gave an example of how this protocol worked and hinted at this issue. I found the link via Peter K's blog where he also mentions that Paul Wright now has an Oracle security blog. I have added a link to his blog in my Oracle blogs aggregator.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "It seems Dizwell has gone, come back (maybe) and gone again"] [Next entry: "A good blog to watch for Oracle internals and hard to find info"]
January 2007
- Stealing Oracle passwords from the wire - 01/01/2007 by 01/01/2007
- A good blog to watch for Oracle internals and hard to find info - 01/03/2007 by 01/03/2007
- 10 steps to creating your own security audit - 01/04/2007 by 01/04/2007
- Teaching an Old Dog New Tricks - 01/05/2007 by 01/05/2007
- Great paper on Oracle Applications 11i password weaknesses and decryption - 01/10/2007 by 01/10/2007
- Oracle have announced a CPU pre-release feature - 01/12/2007 by 01/12/2007
- Oracle emulates Microsoft with advance patch notice - 01/14/2007 by 01/14/2007
- new paper on oracle as sysdba connection weakness - 01/15/2007 by 01/15/2007
- Critical Patch Update January 2007 is out - 01/16/2007 by 01/16/2007
- Details Oracle Critical Patch Update January 2007 - V1.02 released - 01/18/2007 by 01/18/2007
- Toolkit of generators and brute force tools - 01/19/2007 by 01/19/2007
- Secure Passwords Keep You Safer - 01/21/2007 by 01/21/2007
- Oracle password crackers just got faster - 01/22/2007 by 01/22/2007
- Transparent Data Encryption (TDE) certified for Apps 11i - 01/24/2007 by 01/24/2007
- Download some free chapters from the Oracle Hackers Handbook - 01/30/2007 by 01/30/2007
- BBED - Oracle Block Browser and EDitor - A hacker tool? - 01/31/2007 by 01/31/2007
Archives
Syndication
Powered by gm-rss 2.0.0
