Forum Discussion
3 Replies
- zackAltostratus
I am also interested in it...
- samstepCirrocumulus
First of all, the patch is already available from Oracle, so instead of trying to protect your OIM using F5 ASM, just patch your OIM now.
There is also a workaround (if you don't want to patch for some reason) which involves changing the password of user OIMINTERNAL (as it is a single space by default!!!)
Ref:
https://www.integrigy.com/security-resources/cve-2017-10151-oracle-identity-manager-vulnerability
I am not aware of an ASM Signature which detects this, but it is not that difficult to create a custom one to detect any login attempts with username OIMINTERNAL.
You can also quickly mitigate this vulnerability in your ASM policy by setting the minimum length on the password parameter "pt1:_pt_it2" to 8 characters on URL: "/oim/faces/pages/Login.jspx"
For any attacker trying to log in with a password shorter than 8 characters (which includes the single-space password), ASM will trigger the "Illegal parameter value length" violation (make sure it is set to Block if you want to block).
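The two ASM checks Sam describes above (a custom signature on the username OIMINTERNAL, and a minimum length of 8 on the "pt1:_pt_it2" password parameter at "/oim/faces/pages/Login.jspx") expressed as plain request-inspection logic. This is an added illustration, not F5 ASM configuration and not code from the thread; the sample requests are constructed, and the username field name "userid" is a placeholder because the post does not give the real one (the signature check therefore looks at every parameter value, not one named field):

```python
from urllib.parse import urlsplit, parse_qs

# Values taken from the forum post above
LOGIN_PATH = "/oim/faces/pages/Login.jspx"
PASSWORD_PARAM = "pt1:_pt_it2"
MIN_PASSWORD_LEN = 8
WATCHED_USERNAME = "OIMINTERNAL"

# Violation names; the first mirrors ASM's wording, the second is a label chosen here
LENGTH_VIOLATION = "Illegal parameter value length"
SIGNATURE_VIOLATION = "OIMINTERNAL login attempt"


def check_login_request(method: str, target: str, body: str) -> list[str]:
    """Return the violations one HTTP request would raise under the two checks.

    Only POSTs to the login page are inspected; everything else passes through.
    """
    if method.upper() != "POST" or urlsplit(target).path != LOGIN_PATH:
        return []

    # keep_blank_values so an empty password still counts as a too-short value;
    # parse_qs also decodes '+' and %XX, so a single-space password arrives as " "
    params = parse_qs(body, keep_blank_values=True)
    violations = []

    # Custom-signature equivalent: any form value equal to the watched username
    if any(v.upper() == WATCHED_USERNAME for vals in params.values() for v in vals):
        violations.append(SIGNATURE_VIOLATION)

    # Parameter-length equivalent: password shorter than the configured minimum
    if any(len(pw) < MIN_PASSWORD_LEN for pw in params.get(PASSWORD_PARAM, [])):
        violations.append(LENGTH_VIOLATION)

    return violations


# Constructed sample traffic (placeholder field name "userid"; not real OIM requests)
SAMPLE_REQUESTS = [
    ("POST", LOGIN_PATH, "userid=OIMINTERNAL&pt1%3A_pt_it2=+"),              # default single-space password
    ("POST", LOGIN_PATH, "userid=alice&pt1%3A_pt_it2=Correct-Horse-9"),       # ordinary login
    ("POST", LOGIN_PATH + "?_adf.ctrl-state=abc", "userid=bob&pt1%3A_pt_it2=short"),
    ("GET", "/oim/faces/pages/Home.jspx?x=1", ""),                             # not the login page
]


def evaluate_samples(requests=SAMPLE_REQUESTS) -> list[list[str]]:
    """Run every sample request through the checks and return the violation lists."""
    return [check_login_request(m, t, b) for m, t, b in requests]


if __name__ == "__main__":
    for (method, target, body), found in zip(SAMPLE_REQUESTS, evaluate_samples()):
        print(f"{method} {target} -> {found or 'OK'}")
```

The length check mirrors the policy setting in that it blocks the single-space default password regardless of which account is named, while the signature check catches OIMINTERNAL even when the attacker supplies a long password; running both gives you a blocking control plus a detection that is worth alerting on in its own right.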
- samstepCirrocumulus
In case you missed this - a custom signature has now been published by F5 here:
Hope this helps,
Sam