Information Leakage Vulnerability

Information leakage happens whenever a system that is designed to be closed to an eavesdropper nonetheless reveals some information to unauthorized parties. For example, in an encrypted instant messaging network, a network engineer without the capacity to crack the encryption could still see when messages are transmitted, even if he could not read them. During the Second World War, the Japanese for a while used secret codes such as PURPLE; even before such codes were cracked, some basic information about the content of the messages could be extracted by looking at which relay stations sent a message onward.

Oracle Access Manager (formerly known as Oblix NetPoint and Oracle COREid) provides a full range of identity administration and security functions, including Web single sign-on; user self-service and self-registration; sophisticated workflow functionality; auditing and access reporting; policy management; dynamic group management; and delegated administration. The main file of OAM is “obrareq.cgi”. However, “obrareq.cgi” doesn’t …

Continue reading Oracle Access Manager (OAM) Vulnerabilities

SINGAPORE: Call them cybersecurity vigilantes if you will, or “white hats” – as they are known in the hacking world. Mr Wang Jing and Mr Zhao Hainan are part of a growing group of individuals who are taking it upon themselves to test the security of information systems in organisations and report security flaws. Earlier …

Continue reading WHITE HAT HACKERS TESTING SECURITY OF COMPUTER SYSTEMS IN SINGAPORE

Exploit Title: Oracle Manager WebGate Subcomponent Unspecified Remote Information Disclosure
Product: Access Manager component in Oracle Fusion Middleware
Vendor: Oracle
Vulnerable Versions: 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0
Advisory Publication: Apr 15, 2014
Latest Update: Apr 15, 2014
Vulnerability Type: Information Exposure [CWE-200]
CVE Reference: CVE-2014-2404
Risk Level: Medium
CVSS v2 Base Score: 4.0 …

Continue reading Oracle Access Manager WebGate Subcomponent Unspecified Remote Information Disclosure CVE-2014-2404