Home » Story links » Param's story links

THC Orakel - Authentication Mechanism Analyzer

Link: http://www.thc.org/thc-orakel/
Points: 674 views User: Param Comments: 0 Comments Tag:

THC presents a crypto paper analyzing the database authentication mechanism used by oracle. THC further releases practical tools to sniff and crack the password of an oracle database within seconds. One of the network authentication modes used by Oracle databases uses a weak key exchange mechanism. This mechanism is still used on the newest database versions using Oracle's JAVA drivers. Also, for native Oracle drivers an attack is known to downgrade the authentication mode to the vulnerable version.

The orakelsniffert article documents the mechanism used by the weak authentication mode, the complexity and impact of the attack and an example of an attack in the field. A Windows based cracker and a simple JAVA based client application are included to verify the results. Also, a supporting crypto utility is released.


Email: Email this Story to a Friend

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.