Oracle suffered from a serious vulnerability in the authentication protocol used by some Oracle databases. The flaw enables a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password. The vulnerability enables an attacker to link a specific session key with a specific password hash. There are no overt signs when an outsider has targeted the weakness, and attackers aren’t required to have “man-in-the-middle” control of a network to exploit it. Oracle has no plans to fix the flaw for versions 11.1 and 11.2.
Source: https://thehackernews.com/2012/09/oracle-database-stealth-password.html

