A recently patched Oracle 12 database vulnerability, which exposed a flaw in the authentication process, allowed...
hackers to link a particular password hash with a session key. Oracle didn't patch the issue in version 11.1, which is the version in use at my organization. How much danger does this pose for enterprises? Do you have any tips for dealing with this vulnerability for version 11.1 users?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
This vulnerability was identified by Application Security Inc.'s TeamSHATTER Researcher Esteban Martinez Fayo. The vulnerability, which exists in the Oracle database authentication protocol, allows an attacker to capture a hashed password so it can be cracked to gain access to the database. Oracle fixed this vulnerability by changing the authentication protocol, but decided to not backport the fix and protocol update to earlier versions. This is fairly common when a fix makes major changes to a protocol, because the fix could break backward compatibility. As mentioned in its patch announcement, Oracle, like any major software vendor, has a technical support lifecycle, where older versions cease to receive support so that they can focus their resources on newer products. Even after applying the update, database administrators (DBAs) still need to change the authentication protocol version in use, because the vulnerable protocol is set as the default.
The first step to protecting the Oracle database authentication process from this vulnerability is to not directly place a database on the internet or allow direct external access to any database, thereby limiting where an attack can originate. DBAs should also stay as close to the most recent database version as possible, because that is where most of the database provider's resources are devoted. There are database firewalls that could protect against attacks trying to lower the protocol to a vulnerable version, but the vulnerability is part of a core component of the authentication protocol, so stopping an attack may be difficult. DBAs could also change the database to use external authentication to prevent the vulnerable protocol from being used. Another option could be for enterprises to require VPN connections to their Oracle databases when client systems are on networks where their network traffic might be captured. The VPN would prevent an attacker from capturing the password hash.
Dig Deeper on Database Security Management-Enterprise Data Protection
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.