Highly Critical Flaw (CVSS Score 10) Lets Hackers Hijack Oracle Identity Manager


A highly critical vulnerability has been discovered in Oracle’s enterprise identity management system that can be easily exploited by remote, unauthenticated attackers to take full control over the affected systems.

The critical vulnerability, tracked as CVE-2017-10151, has been assigned the highest possible CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory published Monday, without revealing many details about the issue.

The vulnerability affects the Oracle Identity Manager (OIM) component of Oracle Fusion Middleware, an enterprise identity management system that automatically manages users’ access privileges within enterprises.

The security loophole is due to a “default account” that an unauthenticated attacker with network access can reach via HTTP to compromise Oracle Identity Manager.

Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but in this context the “default account” is likely a built-in account with a hard-coded password or no password at all.

“This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials,” Oracle’s advisory reads.

To read the original article:

https://thehackernews.com/2017/10/oracle-identity-manager.html
