New paper on Oracle native authentication in 9i and 10g
May 29th, 2007 by Pete
Laszlo Toth has released a new paper detailing the changes in Oracle native authentication between 8i, 9i and 10g. It covers some of the weaknesses and includes some proof of concept code. The paper shows that the authentication in all three versions of the protocol is subject to brute force or easy decryption of the password if a session can be sniffed and the AUTH_SESSION and AUTH_PASSWORD values can be grabbed. The paper is titled "Oracle native authentication version 9i and 10g", is available from Laszlo's site, and is worth reading.



