Paper: Snarfing attacks in Oracle DBMS_XMLGEN applications
From: <david_at_databasesecurity.com>
Date: Fri, 8 Nov 2013 08:59:20 -0000
Message-ID: <4003FC91EC5E46879E85D58A29AE64F1_at_NAUTILUS>
Hello all,
I’ve noted a weakness in the way DBMS_XMLGEN generates context handles. Due to this weakness it may be possible to gain access to sensitive data using a snarfing attack. Of course, this is totally dependent upon the application in question. You can get the paper here: http://www.davidlitchfield.com/Snarfing_attacks_in_DBMS_XMLGEN_Applications.pdf Cheers!
David
Date: Fri, 8 Nov 2013 08:59:20 -0000
Message-ID: <4003FC91EC5E46879E85D58A29AE64F1_at_NAUTILUS>
Hello all,
I’ve noted a weakness in the way DBMS_XMLGEN generates context handles. Due to this weakness it may be possible to gain access to sensitive data using a snarfing attack. Of course, this is totally dependent upon the application in question. You can get the paper here: http://www.davidlitchfield.com/Snarfing_attacks_in_DBMS_XMLGEN_Applications.pdf Cheers!
David
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Nov 08 2013 - 09:59:20 CET