1 Reply Latest reply on Nov 6, 2012 9:19 PM by Osama_Mustafa

    CVE-2012-3137

    user13312943
      Hi,
      I have few questions on CVE-2012-3137.

      1) If we are using Only 10G databases, are we impacted by this vulnerability? I assume 10g databases uses DES based password verifiers and not SHA-1.
      I have many 10g and few 11g. If 10gs are not impacted, I can only focus on 11g databases.

      2) When we are using 11g databases, can we decide if we have to use SHA-1 based password verifiers or DES based passwords?
      Other than EC_CASE_SENSITIVE_LOGON=TRUE, is there any way that we can control if we are using SHA-1 based or DES based password
      verifiers?

      Any other information about CVE-2012-3137 you can share will be helpful.

      Thanks,
      Sarayu