  1. Why making good software is deemed not profitable

    Published: Thu 23 November 2017 in Opinions.
    You thought that large companies have the means to produce high-quality software? The situation is a bit more complex; let me explain why.

    Another company got caught with its hand in the cookie jar, and this time we are not talking about the firmware of some cheap home router:

    CVE-2017-10151, CVSS 3.0 Base Score 10.0:

    Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are, and

    Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager.

    While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products.

    Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager.

    The issue is pretty simple: Oracle added a default account with administrative privileges and hardcoded credentials to their product to ease development work. This is what is commonly called a backdoor.

    While there are obviously no statistics available about such practices …

