Paris, France - June 19, 2015 Alexey Tyurin, Head of Oracle Security at ERPScan, delivered a presentation at the Hack in Paris conference. Alexey highlighted multiple PeopleSoft vulnerabilities that can be exploited by hackers including the TockenChpocken attack.
Oracle PeopleSoft applications include different critical business systems like HRMS, FMS, SCM, CRM, etc. They are widespread in the world (about 50 % of Fortune 100). In addition, some of these systems (especially HRMS) are accessible from the Internet. Nevertheless, there is almost no research on the security of PeopleSoft applications. Oracle publishes basic information about vulnerabilities in the applications on a regular basis, but it's not enough for penetration testers. In addition, the uncommon internal architecture of PeopleSoft applications makes black-box testing much harder. Some cases of efficient attacks against PeopleSoft are in the news from time to time.
About Hack in Paris
The aim of Hack in Paris is to bring together security professionals and enthusiasts. The conference is focused on the latest advances in IT security. HIP provides state of the art IT security to professionals. The conference consists of are two portions, training and focused lectures.