A security expert has recently warned that certain vulnerabilities in embedded databases, such as those from Sleepycat (now owned by Oracle), could be exploited to obtain sensitive information.
Ted Julian, Vice President of the Application Security firm in New York, stated: “Embedded databases are often highly regarded, but they still have weaknesses. Malicious actors can extract configuration data stored on routers or customer data from specific software.”
According to the American research company Ovum, Sleepycat’s Berkeley DB database has been deployed over 200 million times across various devices, from network routers and mobile phones to business applications and many popular websites. For instance, Alcatel routers are equipped with Berkeley DB, while Amazon uses Berkeley DB in many crucial parts of its website. Google also employs Berkeley DB to manage Gmail and user accounts. Information on these sites could be compromised if administrators forget to change the default ID and password.
Oracle and Sleepycat declined to comment. Meanwhile, Ben Chelf, the Technical Director of the security firm Coverity in San Francisco, affirmed that Berkeley DB is one of the best software solutions they have ever analyzed.
Julian noted that there have been no reported cases of data loss due to embedded database errors, partly because these issues are often minor and difficult to detect. “But who knows what might happen in the future,” Julian remarked.
T.N.