A researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.
Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.
"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and the database name. That's it."
Martinez Fayo says he discovered cryptographic flaws in Oracle's password authentication that allow for an easy brute-force hack. According to Martinez Fayo, the crack doesn't require a "man-in-the-middle" to spoof multiple users -- the server leaks vital information directly to the attacker.