Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2004-1367 - Vulnerability Database

Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2004-1367

Medium
Reference: CVE-2004-1367
Title: Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Oracle 10g Database Server when installed with a password that contains an exclamation point (quotquot) for the (1) DBSNMP or (2) SYSMAN user generates an error that logs the password in the world-readable postDBCreation.log file which could allow local users to obtain that password and use it against SYS or SYSTEM accounts which may have been installed with the same password.