1) If we are using Only 10G databases, are we impacted by this vulnerability? I assume 10g databases uses DES based password verifiers and not SHA-1.
I have many 10g and few 11g. If 10gs are not impacted, I can only focus on 11g databases.
2) When we are using 11g databases, can we decide if we have to use SHA-1 based password verifiers or DES based passwords?
Other than EC_CASE_SENSITIVE_LOGON=TRUE, is there any way that we can control if we are using SHA-1 based or DES based password
Any other information about CVE-2012-3137 you can share will be helpful.