Oracle Database Remote Password Authentication Downgrade Weakness

Oracle Database 9i and 10i are affected by a weakness that may allow attackers to launch brute-force attacks against the remote authentication protocol.

Successfully exploiting this issue allows remote attackers to downgrade the protocol used during the challenge-response authentication process. This may aid them in further attacks, since they may be able to perform offline brute-force attacks against captured authentication traffic. Other attacks may also be possible.


 

Copyright 2010, SecurityFocus