OAMBuster icon indicating copy to clipboard operation
OAMBuster copied to clipboard

Published 20 hours ago verified publisher icon redtimmy

Metadata

Multithreaded Padding Oracle Attack on Oracle OAM (CVE-2018-2879)

OAMBuster

Multithreaded Padding Oracle Attack on Oracle OAM (CVE-2018-2879)

Authors

Red Timmy (Marco Ortisi, Stefan Broeder, Ahmad Mahfouz)

Description

This multithreaded exploit was developed to greatly increase the speed of the attack as compared to the single threaded version. For more information about the technical details of the attack, see this blog post by SEC Consult:

https://sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/

Screenshot of OAMBuster

The first two stages will quickly verify whether the website is vulnerable to the attack. Stage 3 will launch the multithreaded Padding Oracle attack.

More information

Please adjust the valid_padding() function to catch the error that is returned from a padding failure in your environment.

For more information about the exploit and our trainings on advanced Java attacks, see RedTimmy.com

Metadata

24
Stars
9
Forks
Watchers

Owner

verified publisher icon redtimmy

Metadata

Multithreaded Padding Oracle Attack on Oracle OAM (CVE-2018-2879)

Back