Vulnerability Description
Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 9.0.2 |
References
- http://marc.info/?l=bugtraq&m=107531028325112&w=2
- http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5Exploit
- http://www.securityfocus.com/archive/1/352315/30/21430/threaded
- http://www.securityfocus.com/archive/82/351719Vendor Advisory
- http://www.securityfocus.com/bid/9515ExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=107531028325112&w=2
- http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5Exploit
- http://www.securityfocus.com/archive/1/352315/30/21430/threaded
- http://www.securityfocus.com/archive/82/351719Vendor Advisory
- http://www.securityfocus.com/bid/9515ExploitVendor Advisory
FAQ
What is CVE-2004-2134?
CVE-2004-2134 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
How severe is CVE-2004-2134?
CVE-2004-2134 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2134?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server.