Research: Oracle Passwords Weak

 
 
By Lisa Vaas  |  Posted 2005-11-07 Email Print this article Print
 
 
 
 
 
 
 

Attackers can easily crack even strong Oracle database passwords and gain access to critical enterprise data because of weak password protection mechanisms, researchers have warned.

Attackers can easily crack even strong Oracle database passwords and gain access to critical enterprise data because of weak password protection mechanisms, researchers have warned.

In the most recent of Oracles security woes, Joshua Wright of the SANS Institute and Carlos Cid of the Information Security Group at the University of Londons Royal Holloway College gave a presentation on their findings at the SANS Network Security conference in Los Angeles last week.

The duos paper, "An Assessment of the Oracle Password Hashing Algorithm," calls for Oracle to bolster its password hashing mechanism. As it now stands, malicious users can recover even strong, well-constructed passwords within minutes, the researchers have found.

Wright and Cids research has revealed that Oracles password handling has multiple weaknesses: weak password salt selection, lack of alphabetic case preservation and a weak hashing algorithm.

 
 
 
 
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel