Oracle Database TNS Poisoning Attacks CVE-2012-1675

Overview of TNS poisoning attacks in Oracle database, including the relevance and importance of addressing this security vulnerability.

Brief introduction to Integrity, a company specializing in database security and Oracle E-Business Suite security, emphasizing their focus on helping clients protect their Oracle database environments.

Discussion on raising awareness, detecting, and defending against TNS poisoning attacks in Oracle databases, highlighting the importance of understanding the issues and implementing defensive measures.

Explanation of the TNS poisoning vulnerability reported to Oracle in 2016, its prevalence in security assessments, and the challenges in addressing default passwords in databases.

Insight into the process of reporting security vulnerabilities to Oracle, including a case study of a security researcher's communication with Oracle regarding a critical security bug.

Detailed demonstration of how TNS poisoning attacks can exploit Oracle databases, showcasing the simplicity and effectiveness of the attack method.

Recommendations for mitigating TNS poisoning attacks, including enabling specific security features like Valid Node Checking Registration (VNCR) and implementing SSL encryption for enhanced database security.

Discussion on methods for verifying the vulnerability, using tools like Nmap, to scan for vulnerable databases and ensuring proper security measures are in place.

Exploration of changing default database ports for security purposes, considering the concept of security through obscurity and the effectiveness of port changes in mitigating attacks.