Brahmanand Reddy <[email protected]> writes: > CVE-2018-15473 is a "user existence oracle bug which does not meet our > criteria for security advisories". > > You mean this vulnerability which will impact/affects only for Oracle > base? . kindly confirm.
An oracle vulnerability is a type of information disclosure bug which does not directly expose information but can be used to confirm guesses. In this case, the bug allows you to confirm the existence of an account by attempting to log into it with a random password. It does not actually give you a list of existing accounts, as “account enumeration” would suggest. DES -- Dag-Erling Smørgrav - [email protected] _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
