HomeНаука и техникаRelated VideosMore From: Integrigy

Oracle Database TNS Poisoning Attacks CVE-2012-1675

6 ratings | 1979 views
In 2012, details of a vulnerability in the Oracle Database listener were published that allows an attacker to register with the database listener and to intercept and modify TNS network traffic between the client and database server. This “TNS Poison” attack allows an unauthenticated attacker with only network connectivity to compromise most database accounts. The fix to prevent TNS Poison attacks was announced in April 2012, but was not fixed by the Critical Patch Update securtiy patch. Instead, manual changes are required to the database listener prior to 12c. Even though this vulnerability is four years-old, Integrigy routinely identifies vulnerable Oracle databases during our security assessments – hence the purpose of this webinar. This education webinar demonstrates a TNS poison attack and how an Oracle database can be compromised without any database authentication. Required remediation steps for each database version are discussed as well as methods for checking if a database is protected or if it has been compromised.
Html code for embedding videos on your blog
Text Comments ()

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.