Authentication bypass in Oracle Access Manager (OAM) SSO solution


A padding oracle vulnerability in Oracle Access Manager (OAM) allows an attacker to decrypt and encrypt certain cryptographic messages. With that capability an attacker could craft arbitrary authentication tokens, bypass authentication and impersonate any user (including administrator accounts).
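The vulnerability class described above, as an added illustration that is not SEC Consult's or Oracle's code (OAM's real token layout, keys and cipher configuration are not known here and are replaced by constructed values): a CBC decryptor that reports a padding failure distinctly from other errors is a padding oracle, whereas an encrypt-then-MAC token whose tag is verified in constant time before any decryption, with every failure collapsed to one generic error, gives a modified token nothing to leak.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Constructed demo keys; OAM's real key material and token layout are not known here.
var encKey = []byte("0123456789abcdef")                // AES-128 key (constructed)
var macKey = []byte("constructed-demo-mac-key-0000000") // HMAC key (constructed)
var ErrBadPadding, ErrBadToken = errors.New("bad padding"), errors.New("invalid token")

// encryptCBC returns iv || AES-CBC(pkcs7(pt)); the caller supplies the IV.
func encryptCBC(iv, pt []byte) []byte {
	blk, _ := aes.NewCipher(encKey)
	n := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte(nil), pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, padded)
	return append(append([]byte(nil), iv...), out...)
}
// VULNERABLE: decrypts unauthenticated input and tells the caller whether the PKCS#7 padding
// was valid. That distinguishable answer for a modified ciphertext is the padding oracle.
func decryptCBC(ct []byte) ([]byte, error) {
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 { return nil, ErrBadToken }
	blk, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, ErrBadPadding // distinct from ErrBadToken: this difference is what leaks
	}
	return pt[:len(pt)-n], nil
}
func tag(ct []byte) []byte { m := hmac.New(sha256.New, macKey); m.Write(ct); return m.Sum(nil) }
// HARDENED (encrypt-then-MAC): the tag covers iv||ciphertext and is checked in constant time
// before any decryption; every failure collapses to one generic error, so padding state never escapes.
func sealToken(iv, pt []byte) []byte { ct := encryptCBC(iv, pt); return append(ct, tag(ct)...) }
func openToken(tok []byte) ([]byte, error) {
	if len(tok) < 2*aes.BlockSize+sha256.Size { return nil, ErrBadToken }
	ct, mac := tok[:len(tok)-sha256.Size], tok[len(tok)-sha256.Size:]
	if !hmac.Equal(tag(ct), mac) { return nil, ErrBadToken }
	pt, err := decryptCBC(ct)
	if err != nil { return nil, ErrBadToken }
	return pt, nil
}
```

The difference to look for in a review or in server logs is the same one the test below exercises: the unauthenticated path answers two modified tokens differently, the authenticated path rejects both with the same error before touching the cipher.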

For further information, including other vulnerabilities, see our blog post and advisory:

Blog: https://www.sec-consult.com/en/blog/2...

Advisory: https://www.sec-consult.com/en/blog/a...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendations about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested in working with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/career...

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/contac...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: https://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

Reviewed by Dump3R H3id3gg3R on May 03, 2018