Home Resources Blog Crypto Flaw in Oracle Acess Manager Allows Attackers to Pass Through

Crypto Flaw in Oracle Acess Manager Allows Attackers to Pass Through

Admin Globaldots
07.05.2018
image 1 Min read

A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account.

The vulnerability arises from a flawed cryptographic format used by the OAM.

The vulnerability can be exploited to decrypt and encrypt messages used to communicate between the OAM and web servers. The researchers have managed to construct a valid session token and encrypt it, then pass it off as valid to the web server. This allowed them to access protected resources as a user already known to the OAM.

Image Source

Read more: Help Net Security

cryptocurrency

Learn More

What is FinOps? The Complete Guide
Cloud Cost Optimization
What is FinOps? The Complete Guide
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 31.05.23

While cloud-computing supports immense innovation – providing limitless resources in the pursuit of greater output and agility – public cloud end-user spending is projected to reach a staggering $600 billion this year. Hyperscale cloud vendors remain driving forces behind this growth, having proven their salt as highly strategic launchpads for digital transformation. The competition for […]

Read more
Cloud Cost Optimization: A Strategic Approach to Business Expansion
Cloud Cost Optimization
Cloud Cost Optimization: A Strategic Approach to Business Expansion
Francesco Altomare, Southern Europe Regional Manager @ GlobalDots 18.05.23

FinOps is a strategic framework designed to manage and optimize cloud costs effectively. It’s a transformative approach that brings financial accountability to the forefront of the variable spend model of cloud computing. This model allows businesses to gain a firm grip on their cloud expenses, ensuring that every dollar spent is accounted for and utilized […]

Read more
AWS Data Transfer Cost Optimization: Everything You Need to Know
Cloud Cost Optimization
AWS Data Transfer Cost Optimization: Everything You Need to Know
Nesh (Steven Puddephatt), Senior Solutions Engineer @ GlobalDots 17.05.23

While AWS services provide a wealth of mission-critical services – storing over 2.2 trillion objects in S3 – many organizations are left floundering in the solution’s complex pricing structures. Spanning transfer types and geographies, data transfer costs can be hugely unpredictable and rapidly get out of hand.  Below, we leverage decades of industry experience to […]

Read more
Back to Resources
Unlock Your Cloud Potential
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.
Book a Demo