Resolve concerns regarding PeopleSoft PS_TOKEN cracking
Last updated on OCTOBER 17, 2016
Applies to:PeopleSoft Enterprise PT PeopleTools - Version 8.51 to 8.54 [Release 8.4]
Information in this document applies to any platform.
In May 2015, a security researcher claimed that brute force attacks could be used against PeopleSoft cookie-token, allegedly resulting in potentially providing the malicious attacker with the ability to escalate his/her privileges.
The purpose of this note is to discuss these public assertions as they relate to the weakness of the SHA-1 algorithm against brute force attacks and the implication of such attacks in PeopleSoft Enterprise environments.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms