During his talk at the #hack in the Box conference, Alexey Tyurin, Head of the Oracle Security Department at ERPScan, spotlighted several vulnerabilities in Oracle PeopleSoft applications. Oracle is the second largest vendor on the ERP market, and its PeopleSoft is used in more than 7000 companies including about 50 % of Fortune 100.
PeopleSoft systems are often accessible from the Internet. And some parts of the system have to be available before registration, for example, job application forms or “Forgot your password?” forms.
