Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2004-1367

Oracle 10g Database Server when installed with a password that contains an exclamation point (quotquot) for the (1) DBSNMP or (2) SYSMAN user generates an error that logs the password in the world-readable postDBCreation.log file which could allow local users to obtain that password and use it against SYS or SYSTEM accounts which may have been installed with the same password.