7th May, 2018
1 Min read
Book a Demo
A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account.
Reduce your AWS costs by over 50%
Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.
The vulnerability arises from a flawed cryptographic format used by the OAM.
The vulnerability can be exploited to decrypt and encrypt messages used to communicate between the OAM and web servers. The researchers have managed to construct a valid session token and encrypt it, then pass it off as valid to the web server. This allowed them to access protected resources as a user already known to the OAM.
Read more: Help Net Security
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.