Intrusion Prevention

Oracle.Ntlm.Stealer

Description

An attacker can get LM/NTLM hash of a oracle's host server by sending a legal SQL command containing the IP address of a SMB sniff server.
Applying brute force attack to LM/NTLM hash could possibly crack the server's admin password.
This does not indicates any vulnerabilities.

Affected Products

Windows server with any Oracle database system installed.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Use stronger password could lower the risk of brute force cracking.