Security experts have recently warned about the risk that hackers could recover the database passwords of Oracle users due to vulnerabilities in the security mechanisms of this application suite.
This flaw could put many customers using Oracle products in a dangerous position against potential hacker attacks. According to the SANS Institute, Oracle should “revamp” its password protection mechanism for database users, as they have discovered ways to recover even well-encrypted passwords from Oracle.
SANS experts informed Oracle of the security flaw back in July 2005; however, there has been no response from the company to date. About a month ago, CNet also reported on this vulnerability and notified Oracle, but similarly received no reply.
SANS recommends that Oracle database administrators use more complex passwords than usual and assign restricted permissions to users to enhance security while awaiting a fix from Oracle.
VH – (ZDNet)
