10/28/2005

Oracle password system comes under fire

Filed under: — By Aviran Mordo @ 7:54 am

Attackers could easily uncover Oracle database users’ passwords because of a weak protection mechanism, putting corporate data at risk of exposure, experts have warned.

In the latest critique of Oracle’s security practices, experts are calling on the software maker to improve the mechanism used to secure passwords for database users. Researchers say they have found a way to recover the plain text password from even very strong, well-written Oracle database passwords within minutes.

The technique Oracle uses to store and encrypt user passwords doesn’t provide sufficient security, said Joshua Wright of the SANS Institute and Carlos Sid of Royal Holloway College, University of London. Wright gave a presentation on the matter Wednesday at the SANS Network Security conference in Los Angeles.

In the presentation, Wright discussed how passwords are encrypted before being stored in Oracle databases and presented a tool he wrote to uncover passwords, according to a SANS statement.

Source: News.com

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress