Vulnerabilities > CVE-2007-6260 - Credentials Management vulnerability in Oracle Database Server

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

oracle

CWE-255

NVD

Published: 2007-12-06

Updated: 2018-10-15

Summary

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Database Server *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://osvdb.org/43673
http://securityreason.com/securityalert/3419
http://www.davidlitchfield.com/blog/archives/00000030.htm
http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf
http://www.securityfocus.com/archive/1/483652/100/200/threaded
http://www.securityfocus.com/bid/26425