Oracle Applications 11i Unspecified Encrypted Password Information Disclosure Vulnerability

Oracle Applications 11i Unspecified Encrypted Password Information Disclosure Vulnerability

Oracle Applications 11i is prone to an information-disclosure vulnerability because the software fails to protect sensitive information.

To exploit this issue, an attacker must have SQL*Net access to the database.

The attacker can exploit this issue to obtain the encrypted password string to another user's account or to the Oracle Application's main database account.

Applications using Oracle Applications security features such as "Managed SQL*Net Access" and "Server Security" are not vulnerable to this issue.