Tag Archives: hashes

Cryptographic flaws in Oracle Database authentication protocol

Recently a security researcher (Esteban Martinez Fayo) made the world aware of a problem with the O5LOGON Oracle database authentication protocol (used in 11g – 11.1 & 11.2). This problem, known as CVE-2012-3137, makes it relatively simple for attackers to … Continue reading

Posted in Database, Security | Tagged , , , , , , , , , , , , , , , , , , , , , , , | 12 Comments

Password History – Reusing a password

By setting either one or both the profile limits PASSWORD_REUSE_MAX or PASSWORD_REUSE_TIME are set to anything other than UNLIMITED, Oracle somewhere keeps a history of passwords used by a user. This password history is stored in a table with the … Continue reading

Posted in Database | Tagged , , , , , | 3 Comments

Password Hashes

Within Oracle databases passwords get hashed. When, for example, you create a new account or change the password of an account, the specified clear-text password gets hashed. This hash value is stored in the database with the account. Once hashed … Continue reading

Posted in Security | Tagged , , , , , , | 6 Comments