Aurhentication bypass in Oracle Access Manager SSO solution via padding oracle crypto attack
In Summary : T he Oracle Access Manager (OAM) is the component of the Oracle Fusion Middleware that handles authentication for all sort...
https://updatesinfosec.blogspot.com/2018/05/aurhentication-bypass-in-oracle-access.html
In Summary :
The Oracle Access Manager (OAM) is the component of the Oracle Fusion Middleware that handles authentication for all sorts of web applications. In typical scenarios, the web server that provides access to the application is equipped with an authentication component (the Oracle WebGate). When a user requests a protected resource from the web server, it redirects her to an authentication endpoint of the OAM. The OAM then authenticates the user (e.g. with username and password) and redirects her back to the web application. Since all the authentication is handled by a central application, a user only has to authenticate once to access any application protected by the OAM (Single Sign-On).[...]
kindly refer the following link as follow up :
https://ift.tt/2HKd63c
The Oracle Access Manager (OAM) is the component of the Oracle Fusion Middleware that handles authentication for all sorts of web applications. In typical scenarios, the web server that provides access to the application is equipped with an authentication component (the Oracle WebGate). When a user requests a protected resource from the web server, it redirects her to an authentication endpoint of the OAM. The OAM then authenticates the user (e.g. with username and password) and redirects her back to the web application. Since all the authentication is handled by a central application, a user only has to authenticate once to access any application protected by the OAM (Single Sign-On).[...]
kindly refer the following link as follow up :
https://ift.tt/2HKd63c
