HomeНаука и техникаRelated VideosMore From: SEC Consult

Authentication bypass in Oracle Access Manager (OAM) SSO solution

0 ratings | 2273 views
A padding oracle vulnerability in Oracle Access Manager (OAM) allows an attacker to decrypt and encrypt certain cryptographic messages. An attacker could craft arbitrary authentication tokens, to bypass authentication and impersonate any user (even administrator accounts). For further information and other vulnerabilities also check out our blog post and advisory: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/ Advisory: https://www.sec-consult.com/en/blog/advisories/authentication-bypass-in-oracle-access-manager/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab SEC Consult Europe | Asia | North America About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: https://blog.sec-consult.com Twitter: https://twitter.com/sec_consult
Html code for embedding videos on your blog
Text Comments ()

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.