PT-2004-2284 · Oracle · Oracle 10G Database Server

David Litchfield · Published 2004-08-04 · Updated 2016-10-18 · CVE-2004-1367

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Oracle 10g Database Server (affected versions not specified)
Description: The issue arises when the Oracle 10g Database Server is installed with a password containing an exclamation point for the DBSNMP or SYSMAN user. This results in an error that logs the password in the world-readable postDBCreation.log file. Local users could potentially obtain the password and use it to access SYS or SYSTEM accounts if they were installed with the same password.
Recommendations: For Oracle 10g Database Server, consider changing the passwords for the DBSNMP and SYSMAN users to not include an exclamation point, and restrict access to the postDBCreation.log file to prevent unauthorized users from obtaining the password. Additionally, ensure that the SYS and SYSTEM accounts do not use the same password as the DBSNMP or SYSMAN users to minimize potential damage.
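One way to carry out the file-permission part of these recommendations, as an added example that is not from the advisory or from Oracle: the functions below locate world-readable postDBCreation.log files and remove group and other access. The search root, the function names and the choice of `chmod go-rwx` are assumptions, since the advisory does not say where the installer writes the log.

```shell
#!/bin/sh
# Added example: audit and lock down postDBCreation.log files.
# The search root is supplied by the caller (assumption: the advisory
# does not give the log's location).

# Print every postDBCreation.log under $1 that "other" users can read.
find_exposed_logs() {
    find "$1" -type f -name 'postDBCreation.log' -perm -004 2>/dev/null
}

# Count lines naming DBSNMP or SYSMAN without echoing them, so a logged
# password is not copied to the terminal or into a ticket. The count is
# only a hint that the file deserves review; the exact error text is
# not given in the advisory.
count_account_lines() {
    n=$(grep -c -i -E 'DBSNMP|SYSMAN' "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# Report each exposed log and strip group/other permissions from it.
# Returns 1 if any log was exposed, 0 if none was found.
audit_and_restrict() {
    exposed=$(find_exposed_logs "$1")
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed" | while IFS= read -r f; do
        echo "EXPOSED: $f (lines naming DBSNMP/SYSMAN: $(count_account_lines "$f"))"
        chmod go-rwx "$f"
    done
    return 1
}
```

Source the file and call `audit_and_restrict` with the directory to search. A return status of 1 means a log was readable by other local users until now, so the DBSNMP and SYSMAN passwords, and SYS or SYSTEM if they shared them, should be changed as well.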

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2004-1367

Affected Products

Oracle 10G Database Server