Oracle Passwords Cracked? — Privacy Partners

According to News.com, two researchers at the SANS Institute have discovered a problem with the security architecture of Oracle's database software, allowing them to easily obtain the passwords of database users.

The technique Oracle uses to store and encrypt user passwords doesn't provide sufficient security, said Joshua Wright of the SANS Institute and Carlos Sid of Royal Holloway College, University of London. Wright gave a presentation on the matter Wednesday at the SANS Network Security conference in Los Angeles. ... Wright and Cid identified several vulnerabilities, including a weak hashing mechanism and a lack of case preservation--all passwords are converted to uppercase characters before calculating the hash.

In its rivalry to be bigger and better than Microsoft, Oracle has cut some of the same kinds of security corners. According to the article, Oracle has been increasingly scrutinized, and criticized, for a lax security architecture and failure to release security patches in a timely manner.

Ask us Questions

Description text. Sed condimentum volutpat, viverra libero a, efficitur ex. Sed nunc dui, aliquam eu at, semper sed elit.

Post Archive

Archive Block

This is example content. Double-click here and select a page to create an index of your own content. Learn more

Archive Block

This is example content. Double-click here and select a page to create an index of your own content. Learn more

Back to News + Notes »

Oct 27 Oracle Passwords Cracked?

Nov 10 RIP Edmund Fitzgerald

Oct 17 New Google Privacy Policy?