#oracleopera — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #oracleopera, aggregated by home.social.
-
By nature, restaurant systems tend to hold sensitive data at least until closeout and often longer. Tokenization helped that, but chain setups/online ordering can keep things interesting.
-
This brings back a lot of memories. Never dealt with the hospitality suite with Micros/Oracle, but its restaurant POS systems have a huge footprint too. And one thing that was very common in restaurants, regardless of which POS vendor they went with, was a lot of them would wait absolutely as long as possible to upgrade. There were places out there using POSs from companies that didn’t even exist anymore.
-
There are various #OracleOpera @shodan queries you can use, e.g. html:OperaLogin, to find hotels. Every one I’ve seen is unpatched.
-
The product is also known as Micros Opera, and it’s everywhere. It’s also rammed full of other unpatched vulns. And orgs face it directly to the internet. #OracleOpera
-
At some stage, we need to talk about Oracle product security.
- Oracle Opera vulnerability CVE-2023-21932.
- Preauth RCE, GET request to cgi-bin script.
- Oracle didn’t produce a patch for one year and downplayed severity.
- This software is used by almost all of the largest hotel chains around the world.
- This critical piece of software holds all of the PII for every guest, including but not limited to credit card details. https://blog.assetnote.io/2023/04/30/rce-oracle-opera/ #OracleOpera #CVE202321932