During a research project, SySS IT security expert Moritz Bechler found several security issues concerning the proprietary security protocol Oracle Native Network Encryption.
Oracle Native Network Encryption is the default protocol used for securing network connections between Oracle database clients and servers, for instance when using the Oracle Instant Client.
You can find the results of Moritz Bechler’s security analysis in his paper titled Oracle Native Network Encryption: Breaking a Proprietary Security Protocol.
Information about the identified security issues is also provided in our two SySS security advisories, SYSS-2021-061 and SYSS-2021-062, which were assigned the CVE ID CVE-2021-2351.
We reported the security vulnerabilities a couple of months ago in the course of our responsible disclosure program, and Oracle has already fixed them in the July 2021 Critical Patch Update (CPU).
Our PoC video Attacking Oracle Native Network Encryption demonstrates a successful attack against Oracle Native Network Encryption. The attack allows an attacker to hijack authenticated, cryptographically secured database connections and thus gain access to the database with the privileges of the targeted victim user.