The vulnerability exists in Oracle Database 11g Releases 1 and 2 and is caused by a problem with the way the authentication protocol protects session keys when users try to log in. The attacker could then log on as an authenticated user and take unauthorized actions on the database. The researcher who discovered the bug has a tool that can crack some simple passwords in about five hours on a normal PC. The vulnerability is in a widely deployed product and is easy to exploit, researcher Esteban Martinez Fayo said he considers it to be quite dangerous.
Source: https://threatpost.com/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012/77032/