THC has released a new tool for cracking Oracle Database passwords.
THC presents a crypto paper analyzing the database authentication mechansim
used by oracle. THC further releases practical tools to sniff and crack the
password of an oracle database within seconds.One of the network authentication modes used by Oracle databases uses a weak
key exchange mechanism. This mechanism is still used on the newest database
versions using Oracle’s JAVA drivers. Also, for native Oracle drivers an
attack is known to downgrade the authentication mode to the vulnerable
version. The orakelsniffert article documents the mechanism used by the weak
authentication mode, the complexity and impact of the attack and an example
of an attack in the field. A Windows based cracker and a simple JAVA based
client application are included to verify the results. Also, a supporting
crypto utility is released.
[tags]Oracle Password Cracker, Password Cracking, Oracle Passwords[/tags]
