Crypto flaw in Oracle Access Manager can let attackers pass through
A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account.

About the vulnerability

The vulnerability arises from a flawed cryptographic format used by the OAM. “The Oracle Access Manager is the component of the Oracle Fusion Middleware that handles authentication for all sorts of web applications,” SEC Consult researcher Wolfgang Ettlinger explained. “In typical scenarios, the web server that provides access to the …

The post Crypto flaw in Oracle Access Manager can let attackers pass through appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/EKblBzB7gEk/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-19 | CVE-2018-2879 | Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). | 9.0 |