PT-2007-7136 · Oracle · Oracle 11G

Published: 2007-12-06 · Updated: 2018-10-15 · CVE-2007-6260

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Oracle 10g and 11g versions (affected versions not specified)

Description

The installation process sets default passwords for accounts, which allows remote attackers to gain login access by connecting to the Listener. It is noted that when the Database Configuration Assistant (DBCA) is used at the end of the installation, most accounts are either disabled or have their passwords changed.

Recommendations

For Oracle 10g and 11g, consider changing the default passwords for accounts after installation to prevent unauthorized access. As a temporary workaround, restrict access to the Listener to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
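
One way to check for the condition described above after installation, as an added example that is not part of the original advisory or any Oracle-supplied script. It assumes Oracle 11g, where the data dictionary view DBA_USERS_WITH_DEFPWD is available (it does not exist in 10g), and a session with access to the DBA_* views.

```sql
-- Added example: list accounts that still have a default password,
-- show whether each one can currently log in, and draft a remediation
-- statement for review. Nothing is changed by this query itself.
-- Assumption: Oracle 11g (DBA_USERS_WITH_DEFPWD is not present in 10g).

SELECT u.username,
       u.account_status,
       CASE
         -- Administrative accounts must stay usable: set a new password
         -- by hand instead of locking them.
         WHEN u.username IN ('SYS', 'SYSTEM')
           THEN '-- set a new password manually for ' || u.username
         -- Accounts that are already locked only need the password expired,
         -- so the default cannot be reused if they are unlocked later.
         WHEN u.account_status LIKE '%LOCKED%'
           THEN 'ALTER USER "' || u.username || '" PASSWORD EXPIRE;'
         -- Any other account with a default password: lock it and force
         -- a password change before it can be used again.
         ELSE 'ALTER USER "' || u.username || '" PASSWORD EXPIRE ACCOUNT LOCK;'
       END AS suggested_action
FROM   dba_users u
JOIN   dba_users_with_defpwd d
       ON d.username = u.username
-- Accounts that can log in right now are the urgent ones; list them first.
ORDER  BY CASE WHEN u.account_status = 'OPEN' THEN 0 ELSE 1 END,
          u.username;
```

An empty result means no account known to the view still carries its default password; rows with ACCOUNT_STATUS of OPEN are the ones reachable through the Listener.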
Related Identifiers

CVE-2007-6260

Affected Products

Database Configuration Assistant
Listener
Oracle 10G
Oracle 11G