Security News > 2018 > May > Crypto flaw in Oracle Access Manager can let attackers pass through

Crypto flaw in Oracle Access Manager can let attackers pass through
2018-05-03 17:13

A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account. About the vulnerability The vulnerability arises from a flawed cryptographic format used by the OAM. “The Oracle Access Manager is the component of the Oracle Fusion Middleware that handles authentication for all sorts of web applications,” SEC Consult researcher Wolfgang Ettlinger explained. “In typical scenarios, the web server that provides access to the … More → The post Crypto flaw in Oracle Access Manager can let attackers pass through appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/EKblBzB7gEk/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-04-19 CVE-2018-2879 Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine).
network
oracle
6.8
6.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 963 1137 6121 1076 733 9067