Oracle 9i Application Server CVE-2002-1637 Local Security Vulnerability

Oracle 9i Application Server CVE-2002-1637 Local Security Vulnerability

Oracle 9i Application Server is prone to a local security vulnerability. Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. A local attacker may exploit this issue to gain escalated privileges and perform unauthorized actions.