Oracle Passwords Crack in Mere Minutes
Found on eWEEK on Thursday, 27 October 2005
Attackers can easily crack even strong Oracle database passwords and gain access to critical enterprise data because of weak password protection mechanisms, researchers have warned.
The duo's paper, "An Assessment of the Oracle Password Hashing Algorithm," calls for Oracle to bolster its password hashing mechanism.
As it now stands, malicious users can recover even strong, well-constructed passwords within minutes, the researchers have found.
It is only the most recent of a long run of security embarrassments for the database company that cooked up the marketing tag "unbreakable"-a brag that it has quietly stepped back from ever since its inception.
Calling something "unbreakable" is always an invitation. Plus, history showed that nothing is really secure.