I wanted to comment on the workarounds for this problem:
1) Setting SQLNET.ENCRYPTION_SERVER=REQUIRED on the server is not enough to protect you.
To avoid "man in the middle" attacks, you need to have an SSL certificate on
the server and SSL_SERVER_DN_MATCH=TRUE in the client's sqlnet.ora.
1) Setting SQLNET.ENCRYPTION_SERVER=REQUIRED on the server is not enough to protect you.
To avoid "man in the middle" attacks, you need to have an SSL certificate on
the server and SSL_SERVER_DN_MATCH=TRUE in the client's sqlnet.ora.
2...
[ more ]