A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account.
The vulnerability arises from a flawed cryptographic format used by OAM to protect the messages exchanged between OAM and the web servers it fronts.
Because the format leaks whether a decrypted message has valid padding, it can be exploited to decrypt existing messages and to encrypt new ones. The researchers used this to construct a valid session token, encrypt it, and present it to the web server as genuine, which let them access protected resources as any user already known to the OAM.
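The two properties the report describes (distinguishable decryption failures that act as an oracle, and the ability to produce a ciphertext the server accepts) are generic to CBC-mode encryption without an integrity check. The following Go program is an added illustration written for this page; it is not Oracle's code and does not reproduce OAM's actual token format. It contrasts a CBC/PKCS#7 "seal and open" that reports padding errors separately from content errors with an AES-GCM version that fails uniformly and rejects any altered byte. The 16-byte key and the `user=alice` token are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Distinct failure modes of the vulnerable design. A caller who can tell
// them apart learns whether the decrypted bytes ended in valid padding.
var (
	ErrBadPadding = errors.New("invalid padding")
	ErrBadToken   = errors.New("token rejected")
	// The hardened design has exactly one failure mode.
	ErrInvalid = errors.New("invalid token")
)

// OpenFunc lets the probes below run against either decryptor.
type OpenFunc func(key, blob []byte) ([]byte, error)

func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, ErrBadPadding
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs || n > len(b) {
		return nil, ErrBadPadding
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, ErrBadPadding
		}
	}
	return b[:len(b)-n], nil
}

// VulnerableSeal: AES-CBC + PKCS#7, no authentication tag. Output is IV||ciphertext.
func VulnerableSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(iv, out...), nil
}

// VulnerableOpen decrypts, checks padding, then checks the token shape.
// The two checks surface as different errors: that difference is the oracle.
func VulnerableOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, ErrBadPadding
	}
	iv, body := blob[:aes.BlockSize], blob[aes.BlockSize:]
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	pt, err := pkcs7Unpad(out, aes.BlockSize)
	if err != nil {
		return nil, err
	}
	if !bytes.HasPrefix(pt, []byte("user=")) {
		return nil, ErrBadToken
	}
	return pt, nil
}

// HardenedSeal: AES-GCM. Output is nonce||ciphertext||tag.
func HardenedSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// HardenedOpen verifies the tag before anything else and collapses every
// failure (short input, bad tag, wrong shape) into the same error.
func HardenedOpen(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(blob) < ns+gcm.Overhead() {
		return nil, ErrInvalid
	}
	pt, err := gcm.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil || !bytes.HasPrefix(pt, []byte("user=")) {
		return nil, ErrInvalid
	}
	return pt, nil
}

// flipped returns a copy of blob with byte i XORed by mask.
func flipped(blob []byte, i int, mask byte) []byte {
	c := append([]byte(nil), blob...)
	c[i] ^= mask
	return c
}

// ErrorsDistinguishable reports whether altering byte 0 (hits the token
// prefix under CBC) and byte 15 (hits the padding under CBC) produce
// different errors. True means the decryptor is leaking an oracle.
func ErrorsDistinguishable(open OpenFunc, key, blob []byte) bool {
	_, errA := open(key, flipped(blob, 0, 0x01))
	_, errB := open(key, flipped(blob, 15, 0x01))
	return errA != errB
}

// TamperedAccepted reports whether a blob altered so that its last
// plaintext byte becomes 0x01 (a valid 1-byte pad under CBC) is accepted.
// True means ciphertexts are malleable: the server takes altered input as genuine.
func TamperedAccepted(open OpenFunc, key, blob []byte) bool {
	_, err := open(key, flipped(blob, 15, 0x07))
	return err == nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed test key
	tok := []byte("user=alice")           // constructed token
	v, _ := VulnerableSeal(key, tok)
	h, _ := HardenedSeal(key, tok)
	fmt.Println("CBC  oracle:", ErrorsDistinguishable(VulnerableOpen, key, v),
		"malleable:", TamperedAccepted(VulnerableOpen, key, v))
	fmt.Println("GCM  oracle:", ErrorsDistinguishable(HardenedOpen, key, h),
		"malleable:", TamperedAccepted(HardenedOpen, key, h))
}
```

The probes only ever flip single bytes of a ciphertext the program itself produced; the point is the asymmetry in the results. The CBC decryptor answers "padding" for one alteration and "token" for the other, and accepts a third alteration outright, which is the combination of properties the advisory describes. The GCM decryptor returns the same error for every altered input and accepts none, so there is nothing for a caller to learn from its failures. When auditing a token format, that uniform-failure, reject-any-change behaviour is the property to test for.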
Read more: Help Net Security