Intrusion Prevention

Oracle.Database.O5Logon.Protocol.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in the Oracle Database 11g authentication protocol.
The vulnerability is due to the O5Logon authentication protocol sending the encrypted session key and the password salt value to the client. A remote attacker may be able to exploit this by using the session key and salt value to carry out offline brute-force cracking of user credentials.

Affected Products

Oracle Database Server 11gR1
Oracle Database Server 11gR2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Refer to the vendor's website for the suggested workaround (login required).
https://support.oracle.com/epmos/faces/ui/km/DocumentDisplay.jspx?id=1492721.1

CVE References

CVE-2012-3137