lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 4 Sep 2015 17:14:39 +0000
From: Jeff Kayser <jeff.kayser@...econsulting.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
CC: Jeff Kayser <jeff.kayser@...econsulting.com>,
  "bruce lowenthal\
 \(bruce.lowenthal@...cle.com\)" <bruce.lowenthal@...cle.com>
Subject: Oracle Hyperion password disclosure...

Hi, all.

Oracle Hyperion Rapid Deployment installer leaves plaintext passwords in config files and logfiles.  Oracle has known about this for 2 years, and has decided not to patch any of the product versions prior to the latest version.  I have additional details if anyone is interested.

Jeff Kayser
Jibe Consulting | Managing Principal Consultant
5000 Meadows Rd. Suite 300
Lake Oswego, OR 97035
O: 503-517-3266 | C: 503.901.5021
jeff.kayser@...econsulting.com

[cid:image009.jpg@...00437.3D3091D0]<http://www.jibeconsulting.com/>
                              [cid:image010.jpg@...00437.3D3091D0] <http://www.linkedin.com/company/jibe-consulting>      [cid:image011.jpg@...00437.3D3091D0] <http://www.facebook.com/JibeConsulting>      [cid:image012.jpg@...00437.3D3091D0] <http://twitter.com/#!/JibeConsulting>

[cid:image013.jpg@...00437.3D3091D0]


Disclaimer: This electronic message may contain information that is Confidential or legally privileged. It is intended only for the use of the individual(s) and entity named in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from your computer. Do not deliver, distribute or copy this message and do not disclose its contents or take any action in reliance on the information it contains.

Content of type "text/html" skipped

Download attachment "image001.jpg" of type "image/jpeg" (2170 bytes)

Download attachment "image002.jpg" of type "image/jpeg" (814 bytes)

Download attachment "image003.jpg" of type "image/jpeg" (804 bytes)

Download attachment "image004.jpg" of type "image/jpeg" (771 bytes)

Download attachment "image005.jpg" of type "image/jpeg" (3760 bytes)

Download attachment "Hyperion Essbase Rapid Deploy.docx" of type "application/vnd.openxmlformats-officedocument.wordprocessingml.document" (24715 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ