Joshua Wright, a renown security expert and researcher at SANS Institute, released details of how to breech the Oracle password hashing algorithm during a presentation at the SANS Network Security conference in Los Angeles.
He demonstrated an attack tool he wrote that makes it possible to recover the plaintext password from even very strong, well written passwords within minutes.
Along with colleague Dr Carlos Cid from the Royal Holloway, University of London, Joshua Wright has written a paper which details how passwords are encrypted before being stored in Oracle databases.
Oracle were alerted to the vulnerability in July.
The SANS Institute (SysAdmin, Audit, Networking, and Security) is an organisation that focuses on providing computer education and information security training.
The paper is available from the SANS Reading Room.