AOH :: ISNQ4122.HTM

THC-Orakel, Cracking Oracle Passwords within seconds




THC-Orakel, Cracking Oracle Passwords within seconds
THC-Orakel, Cracking Oracle Passwords within seconds



Forwarded from: rm (at) ingsoc.org

Hi,

THC presents a crypto paper analyzing the database authentication 
mechansim used by oracle. THC further releases practical tools to sniff 
and crack the password of an oracle database within seconds.

Link: http://www.thc.org/thc-orakel 

One of the network authentication modes used by Oracle databases uses a 
weak key exchange mechanism. This mechanism is still used on the newest 
database versions using Oracle's JAVA drivers. Also, for native Oracle 
drivers an attack is known to downgrade the authentication mode to the 
vulnerable version. The orakelsniffert article documents the mechanism 
used by the weak authentication mode, the complexity and impact of the 
attack and an example of an attack in the field. A Windows based cracker 
and a simple JAVA based client application are included to verify the 
results. Also, a supporting crypto utility is released.

Yours sincerly,

vonjeek / THC
The Hackers Choice
http://www.thc.org 


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods