CVE-2018-2879
Description
Oracle Access Manager (OAM) suffers a cryptographic padding oracle flaw allowing unauthenticated remote attackers to forge authentication tokens and impersonate any user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Oracle Access Manager (OAM) suffers a cryptographic padding oracle flaw allowing unauthenticated remote attackers to forge authentication tokens and impersonate any user.
Vulnerability
A cryptographic padding oracle vulnerability exists in Oracle Access Manager (OAM), a component of Oracle Fusion Middleware. The flaw resides in the authentication engine, which uses a block cipher mode that leaks padding validity information via response timing or error messages. Affected versions are 11.1.2.3.0 and 12.2.1.3.0 [1]. The vulnerability is triggered when an unauthenticated attacker sends specially crafted HTTP requests to an OAM endpoint, allowing them to decrypt and encrypt arbitrary session tokens [1][2].
Exploitation
An unauthenticated attacker with network access to an OAM instance can exploit this padding oracle without any prior authentication or user interaction. The attacker sends a series of requests to the OAM authentication endpoint, manipulating the ciphertext of a session cookie or URL parameter. By observing differences in error responses or timing, the attacker can recover the plaintext of existing tokens and, more critically, encrypt chosen plaintext values—such as a new token containing a target username [2]. Public exploit code is available [2], following the technical description by SEC Consult [1]. The required cryptographic oracle is accessed through standard HTTP requests, making remote exploitation straightforward.
Impact
Successful exploitation allows an attacker to fabricate a valid OAM session token for any arbitrary username. When a WebGate (the authentication component in front of a protected application) receives this forged cookie, it accepts it as legitimate authentication. The attacker gains immediate access to any web application protected by the affected OAM instance, impersonating a privileged user. This effectively bypasses the entire authentication mechanism, leading to a compromise of confidentiality, integrity, and availability (CVSS 9.0) [1]. The impact may extend to additional products relying on OAM for single sign-on, as noted in the CVE description.
Mitigation
Oracle has addressed this vulnerability in the Oracle Critical Patch Update for April 2018. The fix is described in My Oracle Support Note 2386496.1 [1]. The vendor provided a patch for both affected versions (11.1.2.3.0 and 12.2.1.3.0) [1]. Customers should apply the appropriate patch from Oracle immediately. No workaround is documented; upgrading to the patched version is the only recommended mitigation. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog as of early 2024.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
211.1.2.3.0, 12.2.1.3.0+ 1 more
- (no CPE)range: 11.1.2.3.0, 12.2.1.3.0
- (no CPE)range: 11.1.2.3.0
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Use of CBC-mode encryption with PKCS#7 padding without padding-oracle resistance, combined with a plain MD5 hash (not an HMAC) for integrity, enables a padding oracle attack that allows arbitrary message decryption and encryption."
Attack vector
An unauthenticated attacker with network access via HTTP can exploit a padding oracle weakness in the CBC-mode encryption of OAM session tokens. By sending crafted encrypted messages to the OAM and observing whether a "System error" is returned (indicating invalid padding) or a different response (indicating valid padding), the attacker can decrypt arbitrary messages and, critically, encrypt arbitrary plaintexts [ref_id=1]. Because the integrity check is a plain MD5 hash rather than an HMAC, the attacker can compute a valid hash for a fabricated authentication cookie. This allows the attacker to forge an OAMAuthnCookie for any username, thereby impersonating any user and achieving full takeover of Oracle Access Manager [ref_id=1].
Affected code
The vulnerability resides in the cryptographic format used by Oracle Access Manager (OAM) for encrypted messages (encquery, encreply, OAMAuthnCookie). The format uses a block cipher in CBC mode with PKCS#7 padding and an MD5 hash (not an HMAC) for integrity, but the implementation leaks padding validity through observable error responses [ref_id=1].
What the fix does
Oracle addressed this vulnerability in the April 2018 Critical Patch Update (CPU) [ref_id=1]. The advisory does not include a patch diff, but the fix is described as modifying the cryptographic implementation to eliminate the padding oracle behavior. Administrators are instructed to apply the CPU and, as a detection measure, review logs for patterns of javax.crypto.BadPaddingException, which indicate attempted exploitation [ref_id=1].
Preconditions
- networkAttacker must have network access to the OAM server via HTTP
- authNo authentication required
- inputAttacker must be able to capture at least one valid encrypted message (encquery) from the target OAM instance
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- packetstormsecurity.com/files/152551/OAMbuster-Multi-Threaded-CVE-2018-2879-Scanner.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/Apr/28mitremailing-listx_refsource_FULLDISC
- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlmitrex_refsource_CONFIRM
- www.securityfocus.com/bid/103788mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1040695mitrevdb-entryx_refsource_SECTRACK
- seclists.org/bugtraq/2019/Apr/27mitremailing-listx_refsource_BUGTRAQ
- www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.