Vulnerabilities > CVE-2007-6260 - Credentials Management vulnerability in Oracle Database Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://osvdb.org/43673
- http://osvdb.org/43673
- http://securityreason.com/securityalert/3419
- http://securityreason.com/securityalert/3419
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/bid/26425
- http://www.securityfocus.com/bid/26425