Last week, Oracle has released an out of cycle security advisory (CVE-2017-10151) for a vulnerability which affects Oracle identity manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account (OIMINTERNAL) which has its default password set to a single space character.

This highly privileged account allows attackers to completely compromise Oracle Identity Manager.

Mitigation with attack signatures

ASM users are encouraged to configure the following user defined attack signature to detect exploitation attempts of this vulnerability:

 

valuecontent:"pt1:_pt_it2"; nocase; norm; re2:"/pt1:_pt_it2\W*?=\s$/Vi"; norm;

 

This signature is due to be included in the next ASU, which is planned to be released in mid-November.