A high-risk security bug in Oracle’s Micros point-of-sale systems, discovered by ERPScan security researcher Dmitry Chastuhin, has the potential to put business data at risk.
Security attacks have become a common and critical problem in recent times. Breaches of point-of-sale payment terminals have been a breeding ground for hackers. Last year, Forever 21 suffered such an attack, putting thousands of customers’ credentials at risk.
The vulnerability in Oracle Micros allows a hacker to gain unauthenticated read and write access to the point-of-sale server’s database, which can then be leveraged to compromise and download a company’s complete business data.
The flaw has been given a score of 8.1 out of 10 for its highly hazardous nature. This means that the security issue is dangerous and must be patched as a priority, or an attacker will be able to read any file and receive information about various services without authentication from a vulnerable MICROS workstation.
The researchers further stated that the flaw can be exploited by someone, such as an employee, who has access to a flawed Micros point-of-sale device. The attacker can snatch DB usernames and password hashes, brute-force them and gain full access to the DB with all business data. There are several ways to exploit it, leading to compromise of the whole MICROS system.
Oracle has confirmed that the vulnerability is severe and said that the complexity of the attack is high. However, the tech giant has said that it has fixed the flaw as part of its quarterly patching schedule.