CVE-2012-3137

NONECVSS 0.0

0.0

The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."

🔗 References (16)

secalert_us@oraclehttp://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/
secalert_us@oraclehttp://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
secalert_us@oraclehttp://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html
secalert_us@oraclehttp://www.exploit-db.com/exploits/22069
secalert_us@oraclehttp://www.mandriva.com/security/advisories?name=MDVSA-2013:150
secalert_us@oraclehttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
secalert_us@oraclehttp://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
secalert_us@oraclehttp://www.securityfocus.com/bid/55651
af854a3a-2127-422b-91ae-364da2661108http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/
af854a3a-2127-422b-91ae-364da2661108http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
af854a3a-2127-422b-91ae-364da2661108http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/22069
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Is Your Infrastructure Affected by CVE-2012-3137?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3137

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3137?