Vulnerabilities > CVE-2007-6260 - Credentials Management vulnerability in Oracle Database Server
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://osvdb.org/43673
- http://securityreason.com/securityalert/3419
- http://www.davidlitchfield.com/blog/archives/00000030.htm
- http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
- http://www.securityfocus.com/archive/1/483652/100/200/threaded
- http://www.securityfocus.com/bid/26425