CVE-2004-2134

Oracle toplink mapping workBench - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2134. PoCs published by Pete Finnigan.

AI-analyzed exploit summary This Perl script decrypts passwords stored by OracleAS TopLink Mapping Workbench, which uses a weak substitution cipher and appends a static string. The PoC reverses the encryption process to retrieve plaintext passwords from encrypted XML files.

Description

Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pete Finnigan · perllocalmultiple

https://www.exploit-db.com/exploits/23611

View Code ZIP pw:eip

This Perl script decrypts passwords stored by OracleAS TopLink Mapping Workbench, which uses a weak substitution cipher and appends a static string. The PoC reverses the encryption process to retrieve plaintext passwords from encrypted XML files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OracleAS TopLink Mapping Workbench (versions unspecified, likely older releases)

No auth needed

Prerequisites: Access to XML files generated by OracleAS TopLink Mapping Workbench

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9515

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/352315/30/21430/threaded

Exploit x_refsource_misc

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=107531028325112&w=2

Vendor Advisory mailing-list x_refsource_vuln-dev

http://www.securityfocus.com/archive/82/351719

Scores

EPSS 0.0158

EPSS Percentile 72.3%

Details

Status published

Products (7)

oracle/application_server 9.0.2

oracle/application_server 9.0.2.0.0

oracle/application_server 9.0.2.0.1

oracle/application_server 9.0.2.1

oracle/application_server 9.0.2.2

oracle/application_server 9.0.2.3

oracle/application_server 9.0.3

Published Jan 28, 2004

Tracked Since Feb 18, 2026