CVE-2004-1366

Name of the Vulnerable Software and Affected Versions: Oracle 10g Database Server (affected versions not specified)

Description: The issue concerns the storage of the SYSMAN account password in cleartext within a world-readable file, potentially allowing local users to obtain DBA privileges.

Recommendations: For Oracle 10g Database Server, consider restricting access to the emoms.properties file to prevent unauthorized users from reading the SYSMAN account password. As a temporary workaround, limit local access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.