My Oracle Support Banner

Resolve concerns regarding PeopleSoft PS_TOKEN cracking (Doc ID 2017521.1)

Last updated on SEPTEMBER 30, 2019

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.51 to 8.54 [Release 8.4]
Information in this document applies to any platform.


In May 2015, a security researcher claimed that brute force attacks could be used against PeopleSoft cookie-token, allegedly resulting in potentially providing the malicious attacker with the ability to escalate his/her privileges.

The purpose of this note is to discuss these public assertions as they relate to the weakness of the SHA-1 algorithm against brute force attacks and the implication of such attacks in PeopleSoft Enterprise environments.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.