Resolve concerns regarding PeopleSoft PS_TOKEN cracking
(Doc ID 2017521.1)
Last updated on JULY 13, 2018
Applies to:PeopleSoft Enterprise PT PeopleTools - Version 8.51 to 8.54 [Release 8.4]
Information in this document applies to any platform.
In May 2015, a security researcher claimed that brute force attacks could be used against PeopleSoft cookie-token, allegedly resulting in potentially providing the malicious attacker with the ability to escalate his/her privileges.
The purpose of this note is to discuss these public assertions as they relate to the weakness of the SHA-1 algorithm against brute force attacks and the implication of such attacks in PeopleSoft Enterprise environments.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!