PT-2005-3221 · Oracle · Oracle Forms
Alexander Kornbrust
·
Published
2005-07-17
·
Updated
2024-02-08
·
CVE-2005-2293
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Oracle Forms versions 9.0.4
Description:
The issue allows local users to obtain sensitive database information because database usernames and passwords are stored in a temporary file that is not properly deleted after use.
Recommendations:
For Oracle Forms version 9.0.4, consider implementing a secure method to handle temporary files, such as immediately deleting them after use, to prevent unauthorized access to sensitive database credentials.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Forms