A hole in Oracle Access Manager (OAM) can end up leveraged to bypass authentication and impersonate any user account.
The padding oracle vulnerability was discovered after finding minor peculiarities in the cryptographic implementation in the OAM that had a real-life impact on the security of the product.
“By exploiting this vulnerability we were able to fabricate arbitrary authentication tokens, allowing us to impersonate any user and effectively break the main functionality of OAM,” said SEC Consult researcher Wolfgang Ettlinger.
OAM is the component of the Oracle Fusion Middleware that handles authentication for web applications.
“In typical scenarios, the web server that provides access to the application is equipped with an authentication component (the Oracle WebGate),” Ettlinger said. “When a user requests a protected resource from the web server, it redirects her to an authentication endpoint of the OAM. The OAM then authenticates the user (e.g. with username and password) and redirects her back to the web application. Since all the authentication is handled by a central application, a user only has to authenticate once to access any application protected by the OAM (Single Sign-On).”
The vulnerability can end up exploited to decrypt and encrypt messages used to communicate between the OAM and web servers. The researchers constructed a valid session token and encrypt it, then pass it off as valid to the web server. This allowed them to access protected resources as a user already known to the OAM.
The vulnerability affects OAM versions 11g and 12c.
“A simple Google Dork to find OAM installations yields about 11.800 results, some pointing to high-profile organizations (including Oracle itself). Those are only the installations reachable on the Internet,” Ettlinger said.
“The message you should learn from this is to adhere to the first two rules of cryptography, the first one being: ‘You do not roll your own crypto!’ The second: ‘You DO NOT roll your own crypto!’ ” Ettlinger said. “Cryptography is very hard to get exactly right. Even when using standard implementations of algorithms, it is challenging to design a proper cryptographic format or protocol. Quite often, seemingly secure implementations can exhibit serious vulnerabilities – and that goes way beyond the rather well known padding oracle attack.”