filmov
tv
Attacking Oracle Native Network Encryption (CVE-2021-2351)
Показать описание
In this PoC video, an attack against the Oracle Native Network Encryption (NNE) is demonstrated.
This attack allows hijacking authenticated, cryptographically secured connections, and thus gaining access to the Oracle database with the privileges of the targeted victim user.
The security vulnerability exploited in this demo attack was discovered among other security weaknesses by the SySS IT security expert Moritz Bechler during a research project, and reported to Oracle according to our SySS Responsible Disclosure Program [1, 2].
The reported security vulnerabilities have already been fixed by Oracle in the July 2021 Critical Patch Update [3]. The assigned CVE ID concerning the demonstrated security issue and also other security weaknesses is CVE-2021-2351 [4].
The referenced paper titled "Oracle Native Network Encryption: Breaking a Proprietary Security Protocol" written by Moritz Bechler is available at [5].
[1] SySS Security Advisory SYSS-2021-061
[2] SySS Security Advisory SYSS-2021-062
[3] Oracle July 2021 Critical Patch Update (CPU)
[4] CVE-2021-2351
[5] Oracle Native Network Encryption: Breaking a Proprietary Security Protocol, SySS GmbH, Moritz Bechler, 2021
#oracle #security #vulnerability
This attack allows hijacking authenticated, cryptographically secured connections, and thus gaining access to the Oracle database with the privileges of the targeted victim user.
The security vulnerability exploited in this demo attack was discovered among other security weaknesses by the SySS IT security expert Moritz Bechler during a research project, and reported to Oracle according to our SySS Responsible Disclosure Program [1, 2].
The reported security vulnerabilities have already been fixed by Oracle in the July 2021 Critical Patch Update [3]. The assigned CVE ID concerning the demonstrated security issue and also other security weaknesses is CVE-2021-2351 [4].
The referenced paper titled "Oracle Native Network Encryption: Breaking a Proprietary Security Protocol" written by Moritz Bechler is available at [5].
[1] SySS Security Advisory SYSS-2021-061
[2] SySS Security Advisory SYSS-2021-062
[3] Oracle July 2021 Critical Patch Update (CPU)
[4] CVE-2021-2351
[5] Oracle Native Network Encryption: Breaking a Proprietary Security Protocol, SySS GmbH, Moritz Bechler, 2021
#oracle #security #vulnerability
0:10:53
Attacking Oracle Native Network Encryption (CVE-2021-2351)
0:05:05
what is Oracle Native Network Encryption(NNE) - data in transit encryption
0:03:11
Verify if the client is connecting to the Oracle database using native network encryption
0:55:52
Secure Oracle Database connections with one-way Transport Layer Security (TLS)
0:03:34
Introduction to Oracle Database Encryption Best Practice
0:22:44
1 Encryption on the Wire, Oracle Database Encryption
0:03:08
Verifying Oracle\*Net network encryption (4 Solutions!!)
0:44:04
Breaking Encrypted Databases: Generic Attacks on Range Queries
0:41:16
Keeping Secrets: Emerging Practice in Database Encryption
0:44:04
Breaking Encrypted Databases: Generic Attacks on Range Queries
0:45:55
Security Basics - Passwords and the Oracle Database
0:38:55
Paul M. Wright - Oracle 12c Security - Defense and Attack
0:19:19
Efficient Padding Oracle Attacks on Cryptographic Hardware
1:07:34
Hacking an Oracle Database and How to Prevent It
0:41:16
Back to basics with Transparent Data Encryption (TDE)
0:46:06
Ask Tom Office Hours: Database Security - Key Features
0:46:33
Architect to Defend and Recover from Ransomware Attacks
0:17:31
Oracle Database Exploitation with Metasploit | CTF Walkthrough
1:03:23
The Tools Hackers Are Using Against Your Oracle Database
0:05:48
Encrypt your Oracle Database with no downtime
0:50:58
48 Dirty Little Secrets Cryptographers Don’t Want You To Know
0:37:15
Oracle Database 23c - New Security Features
0:02:19
How Kerberos Works
0:43:44
Oracle Database 18c New Security Features
Комментарии