Oracle suffered with serious vulnerability in the authentication protocol used by some Oracle databases. This Flaw enable a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password.
A researcher – Esteban Martinez Fayo, a researcher with AppSec tomorrow will demonstrate a proof-of-concept attack.
Martinez Fayo and his team first
Source: Oracle Database stealth password cracking vulnerability