Oracle Hyperion password disclosure...

From: Jeff Kayser <jeff.kayser@jibeconsulting.com>
To: bugtraq@securityfocus.com <bugtraq@securityfocus.com>
Cc: Jeff Kayser <jeff.kayser@jibeconsulting.com>,bruce lowenthal- (bruce.lowenthal@oracle.com) <bruce.lowenthal@oracle.com>
Subject: Oracle Hyperion password disclosure...
Date:

Attachments:
image001.jpg
image002.jpg
image003.jpg
image004.jpg
image005.jpg
Hyperion Essbase Rapid Deploy.docx

Hi, all.

Oracle Hyperion Rapid Deployment installer leaves plaintext passwords in config files and logfiles.  Oracle has known about this for 2 years, and has decided not to patch any of the product versions prior to the latest version.  I have additional details if anyone is interested.

Jeff Kayser
Jibe Consulting | Managing Principal Consultant
5000 Meadows Rd. Suite 300
Lake Oswego, OR 97035
O: 503-517-3266 | C: 503.901.5021
jeff.kayser@jibeconsulting.com

[cid:image009.jpg@01D00437.3D3091D0]<http://www.jibeconsulting.com/>
                              [cid:image010.jpg@01D00437.3D3091D0] <http://www.linkedin.com/company/jibe-consulting>      [cid:image011.jpg@01D00437.3D3091D0] <http://www.facebook.com/JibeConsulting>      [cid:image012.jpg@01D00437.3D3091D0] <http://twitter.com/#!/JibeConsulting>

[cid:image013.jpg@01D00437.3D3091D0]


Disclaimer: This electronic message may contain information that is Confidential or legally privileged. It is intended only for the use of the individual(s) and entity named in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from your computer. Do not deliver, distribute or copy this message and do not disclose its contents or take any action in reliance on the information it contains.




Copyright © 1995-2018 LinuxRocket.net. All rights reserved.