Unrated severityNVD Advisory· Published Sep 21, 2012· Updated Jun 16, 2026
CVE-2012-3137
CVE-2012-3137
Description
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*
- (no CPE)range: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3
cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlnvdPatchVendor Advisory
- www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.htmlnvdPatchVendor Advisory
- www.exploit-db.com/exploits/22069nvdExploitThird Party AdvisoryVDB Entry
- arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability/nvdPress/Media Coverage
- threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012nvdPress/Media Coverage
- www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.htmlnvdPress/Media Coverage
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.securityfocus.com/bid/55651nvd
News mentions
0No linked articles in our index yet.