Your PeopleSoft application is at a risk of getting HACKED..

by Prashant on December 14, 2017

in General

Your PeopleSoft application is really at a risk of getting hacked as a security vulnerability was found recently.

Due to this, any hacker can easily get into your PeopleSoft application and can access critical data such as payroll, personal info, financial information without need for a valid username and password.

It’s a scary thought for PeopleSoft customers such as Fortune 500 companies, federal & state government and agencies who rely on Oracle PeopleSoft application to manage their organization.

What is the Jolt and Bleed?

As you can guess from the name, this vulnerability was found in JOLT that is part of Oracle Tuxedo used in PeopleSoft application.

These vulnerabilities have a maximum CVSS score of 10.0 and may be exploited over a network without the need for a valid username and password.

Not sure what is JOLT? Read here

How does it work?

This error is originated with that how Jolt Handler (JSH) processes a command with opcode 0x32. If the package structure is incorrect, a programmer has to provide a Jolt client with a certain Jolt response indicating there is an error in the communication process.

During this message engineering, a programmer, that wrote the code, made a mistake in a function call responsible for packing data to transmit. The confusion was between 2 functions, jtohi and htoji. Consequently, packing of a constant package length that must be 0x40 bytes is actually 0x40000000.

Then a client initiates the transmission of 0x40000000 bytes of data. Manipulating the communication with the client, an attacker can achieve a stable work of a server side and sensitive data leakage. Initiating a mass of connections, the hacker passively collects the internal memory of the Jolt server. It leads to the leakage of credentials when a user is entering them through the web interface of a PeopleSoft system.

Also Read:  What are the Processes running on Process Scheduler

In below video , you will see how an attacker was able to get the user id and password from memory and ultimately able to login into PeopleSoft application.

Due to urgent nature of this issue, Oracle went ahead and released an emergency critical patch to fix this. Here is the link to Oracle security alert on this.

Who is impacted by this security vulnerability ?

All PeopleSoft applications using Oracle Tuxedo, versions 11.1.1, 12.1.1, 12.1.3, 12.2.2 are impacted by it. It covers majority of the recent PeopleTools version so Oracle recommends all PeopleSoft customers to apply this patch.

 

Hope you find this information helpful and let us know if you were able to apply it successfully.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: