Home » RDBMS Server » Security » Oracle Password History
Oracle Password History [message #47236] Fri, 30 July 2004 09:27 Go to next message
Deborah J Williams
Messages: 1
Registered: July 2004
Junior Member
I am planning to implementa profile for selected users and willbe using the PASSWORD_REUSE and FAILED_LOGIN_ATTEMPTS features. Where are the historyfor passowrds and login attempts kept?? I assume it is in a table, but can't find it anywhere.



Thanks

Re: Oracle Password History [message #47243 is a reply to message #47236] Fri, 30 July 2004 22:04 Go to previous messageGo to next message
Jaladi Kiran
Messages: 13
Registered: July 2004
Junior Member
Hi,

I think all users Information is available in dba_users view.

just try this query in system login.
select * from dba_users;
Re: Oracle Password History [message #125538 is a reply to message #47236] Mon, 27 June 2005 06:04 Go to previous messageGo to next message
EdVonk
Messages: 4
Registered: June 2005
Location: The Netherlands
Junior Member
Use the sys tables USER_HISTORY$ and USER$
Re: Oracle Password History [message #125540 is a reply to message #47236] Mon, 27 June 2005 06:10 Go to previous messageGo to next message
EdVonk
Messages: 4
Registered: June 2005
Location: The Netherlands
Junior Member
Use the above if you want to see what dates the passwords have been reset (and the encrypted password).

For login attempts try database auditing or use triggers.
I don't reccommend that last option.
Re: Oracle Password History [message #141658 is a reply to message #47236] Tue, 11 October 2005 08:50 Go to previous messageGo to next message
atifzaman617
Messages: 7
Registered: September 2005
Location: PUNJAB
Junior Member

this query

select * from dba_users;


just tells us that how many system user are using database.but it don't tells us the passwords of the users correct i wnat to kanow how we can get the passwords of the user being dba.....plz mail me here atifzaman617@hotmail.com or info me here in the thread.......
waiting for ur replies
thanks
Re: Oracle Password History [message #141659 is a reply to message #141658] Tue, 11 October 2005 09:07 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10672
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
The database password is hashed in oracle.
You cannot decipher it into plain text.
Able to Do so will make the password utterly useless.
With dba rights, you can always change the password of the user or reset the password to what it was using the hash.
But you cannot SEE the password in plain text.

scott@9i > alter user test identified by newpassword;
 
User altered.
 
scott@9i > connect test/newpassword;
Connected.
scott@9i > connect scott/tiger
Connected.
scott@9i > select username,password from dba_users where username='TEST';
 
USERNAME                       PASSWORD
------------------------------ ------------------------------
TEST                           CF072A2E3AB555FB

scott@9i > alter user test identified by values 'CF072A2E3AB555FB';
 
User altered.
 
scott@9i > connect test/newpassword
Connected.

[Updated on: Tue, 25 October 2005 13:21]

Report message to a moderator

Re: Oracle Password History [message #141732 is a reply to message #47236] Tue, 11 October 2005 19:33 Go to previous messageGo to next message
atifzaman617
Messages: 7
Registered: September 2005
Location: PUNJAB
Junior Member

DEAR Mahesh Rajendran;
WHICH CODDE YOU TELL ME IT JUST CONNECT TO USER. BUT ME DON'T WANT TO CONNECT TO USER. I WANT TO SEE USER WHO IS USEING ORACLE AND WHAT ARE THERE PASSWORDS...SO I REQUEST YOU PLZ TELL ME THE CORRECT. WHICH EXAMPLE U GIVEIN BLOW IT JUST SHOWES USERNAME BUT NOT CORRECT PASSWORDS.I WANT TO THE CORRECT PASSWORD HERE NOT WANT TO CONNECT WITH IT. THANKS

USERNAME PASSWORD
------------------------------ ------------------------------
TEST CF072A2E3AB555FB





BEST REGARDS
ATIF ZAMAN
  • Attachment: 1.bmp
    (Size: 1.15MB, Downloaded 455 times)
Re: Oracle Password History [message #141734 is a reply to message #141732] Tue, 11 October 2005 20:03 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10672
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Did you read my previous posting?
It clearly says,
You cannot see the password in plaintext.
The password is always dispalyed in hashed format, as shown.
Re: Oracle Password History [message #141738 is a reply to message #141734] Tue, 11 October 2005 20:28 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10672
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Or maybe i misunerstood your question.
If you are looking to find the users who are currently connected, look into v$session.
Re: Oracle Password History [message #141805 is a reply to message #47236] Wed, 12 October 2005 04:42 Go to previous messageGo to next message
atifzaman617
Messages: 7
Registered: September 2005
Location: PUNJAB
Junior Member

DEAR Sir Mahesh Rajendran;
Sir u are wirting scott@9i> it is confuse me...and test/newpassword.....these are confusing me....i connect to system/manager and i want to know the password of "DBSNMP"
while this "select * from dba_users" qure show the password for "DBSNMP" this (17 E066D214D5421CCC ). Now i want to know what is this password
And secondly i don't want to change the password because if some using this account i want to just get that password and want to connect that password........
If some one creat another user then i wnat to know what is his password...i think it is same question as above.........
BEST REGARDS
THANKS



ATIF ZAMAN
Re: Oracle Password History [message #141810 is a reply to message #141805] Wed, 12 October 2005 05:02 Go to previous messageGo to next message
tarundua
Messages: 1080
Registered: June 2005
Location: India
Senior Member


Dont get confused , that is just the logged in user. And i think Mahesh made it already clear that you cannot view the password as plain text.

Re: Oracle Password History [message #141820 is a reply to message #141805] Wed, 12 October 2005 06:17 Go to previous messageGo to next message
Mahesh Rajendran
Messages: 10672
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
Atif,
E066D214D5421CCC is the password.
You cannot see it in plain text.
Re: Oracle Password History [message #141873 is a reply to message #47236] Wed, 12 October 2005 10:48 Go to previous messageGo to next message
atifzaman617
Messages: 7
Registered: September 2005
Location: PUNJAB
Junior Member

DEAR MASHASE;
My teacher says that there is nothing impssible in IT. He know how to get the password because he is an OCM but he is not telling me because of secuirty. And i request to all may be you know about that ..Any how i try find it anywere othere...oooh ya i remember he tell me that i can get password when i get its encryption key then by descryptng it..and also ask me about SSL. to get password ..but i don't know what are these ....may be u understand plz try to get.....if you find any help
Re: Oracle Password History [message #149413 is a reply to message #47236] Thu, 01 December 2005 11:36 Go to previous messageGo to next message
atifzaman617
Messages: 7
Registered: September 2005
Location: PUNJAB
Junior Member

I think that no one is here to help me
Re: Oracle Password History [message #152888 is a reply to message #149413] Tue, 27 December 2005 08:52 Go to previous messageGo to next message
skorpian23
Messages: 1
Registered: December 2005
Junior Member

Your Prof is correct, nothing is impossible in IT, the problem is the task you are asking is improbable. Oracle stores all user passwords in an encrypted form. It does not KNOW the original password. So for example, say you create a user SCOTT and the password that is assigned is "welcome" Oracle converts "welcome" into a 128 bit string. So to make things simple, lets say "welcome" gets stored as "xfdgtp". (not 128 bits, but this only an example). Now anytime SCOTT logs in, he enters in his password of "welcome", Oracle then recalculates the encrypted password on the fly and calculates "xfdgtp". Does the entered password "xfdgtp" match the stored password "xfdgtp"? Yes, then SCOTT is logged in. Now the questions is how do you convert "xfdgtp" back to "welcome", well only Oracle knows that algorithm, and like other's have said, if we knew that, then Oracle's security is useless. So to ask the question what is a user's password is not practical, as not even the Oracle Database knows that...all it knows it the users enters in some password that gets encrypted to "xfdgtp" by applying some unknown algorithm to the word "welcome". This does mean that it is possible, in theory, that you can have another word that also gets encrypted to "xfdgtp". If you could find that word, that would also then be considered the user's password. So trying to reverse engineer the algorithm, which is improbable, would almost certainly not return you to the original password anyway, it would only give you a password that gets encrypted to the same encrypted password. It is like taking 2 different roads to the same place…once you are there, how can you tell which path was taken??? You can’t. You can only find a path that led you to your destination, but there is no way for certain to determine the correct starting path. I hope this helps, but in the end, there is no way for you or anyone here to retrieve the original password that was chosen. If you really need to know it, find out who else is using it...and ask them, or reset the password to something you know.

Re: Oracle Password History [message #198501 is a reply to message #149413] Tue, 17 October 2006 07:20 Go to previous messageGo to next message
viral.sampat
Messages: 1
Registered: October 2006
Junior Member
select name,password,host from sys.LINK$;



ENJOY !!!!!!!!!!!
Re: Oracle Password History [message #198541 is a reply to message #198501] Tue, 17 October 2006 09:38 Go to previous message
Mahesh Rajendran
Messages: 10672
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
@viral.sampat
The mentioned hack is a very known bug in 9i which was fixed in 10g.
First you need a database link and access to sys.link$.
SYS >ed
Wrote file afiedt.buf

  1  create database link dblink_10g
  2  connect to scott identified by tiger
  3* using 'dubbel'
SYS >/

Database link created.

SYS >select name,userid,password from sys.link$;

NAME                           USERID                         PASSWORD
------------------------------ ------------------------------ ------------------------------
DBLINK_10G                     SCOTT

Previous Topic: getting ora 1034 and ora 27101
Next Topic: database link
Goto Forum:
  


Current Time: Fri Dec 02 14:14:39 CST 2016

Total time taken to generate the page: 0.09151 seconds