Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) suffer from a password hash information leak in the OCIPasswordChange API.
e2d8ceacee689c85e629fe5bfcccd557fbcf5ea5105b2a0f0175aef82bc1a1bb
Team SHATTER Security Advisory - Oracle Database Server versions 10gR1, 10gR2 (10.2.0.4 and previous patchsets) and 11gR1 (11.1.0.7 and previous patchsets) have an issue where failed authentication attempts using the OCIPasswordChange API are not recorded.
173e01a97b485a5516ae3a72a066b88d84c9785fbf34fde460d39e1a7ee0dcb4