Search
Tag Cloud
10.2 10.2.0.5 11.1 11.2 ADR alertlog ASM bug bundle patch cleanupDeploy database database appliance digest diskgroup enterprise manager gi grid control grid infrastructure GrindInst hashes LinkedIn listener localhost monitoring oak oakcli ODA odachk OEM one-off ORA oracle oracle database appliance password patch bundle PLSQL privileges RAC REDO sha1 solaris troubleshooting usable_file_mb x-windws xtermCategories
-
Recent Posts
Blogroll
Category Archives: Security
Cryptographic flaws in Oracle Database authentication protocol
Recently a security researcher (Esteban Martinez Fayo) made the world aware of a problem with the O5LOGON Oracle database authentication protocol (used in 11g – 11.1 & 11.2). This problem, known as CVE-2012-3137, makes it relatively simple for attackers to … Continue reading
Posted in Database, Security
Tagged 11.1, 11.2, 1492721.1, 192, ADR, AES, AUTH_SESSKEY, AUTH_VFR_DATA, brute force, CVE-2012-3137, database, digest, encryption, Esteban Martinez Fayo, flaw, hashes, LinkedIn, O5LOGON, oracle, password, SALT, SHA-1, stealth, TNS
12 Comments
Password Hashes
Within Oracle databases passwords get hashed. When, for example, you create a new account or change the password of an account, the specified clear-text password gets hashed. This hash value is stored in the database with the account. Once hashed … Continue reading
Unwrapping wrapped PLSQL in 10g, 11g and 12c
There are circumstances where you whish to have a look at the source of an wrapped PL/SQL package, procedure or function. The circumstances I want to have peek at the source is when some PL/SQL code becomes invalidated because an … Continue reading