
RE: OT RE: Re[2]: security problem with 8i

From: Mohan, Ross <MohanR_at_STARS-SMI.com>
Date: Wed, 18 Jul 2001 08:45:51 -0700
Message-ID: <F001.0034D830.20010718083701@fatcity.com>

JS,

I think DG did this and mail got crossed.

HTH, RM

-----Original Message-----
Sent: Wednesday, July 18, 2001 11:51 AM
To: Multiple recipients of list ORACLE-L

Ross,

You can get into all of my databases that way, including the enterprise SAP database.

Wonderful huh?

Changing passwords around is on my todo list, but it's often not as simple as just changing it. There may be other ramifications, like it's a FailSafe database for instance.

Or a 3rd party duhveloper installed the software and set everyone up to run as SYSTEM. Brilliant.

Jared

On Wednesday 18 July 2001 08:20, Mohan, Ross wrote:
>
> Although there has been so much publicity of security "holes" in Oracle, in
> particular the listener, the one hole that really causes me concern is the
> default passwords for sys and system and/or using the username as a password.
> Over the past 2 years I've been to a few sites, like 4, at a friend's request
> and/or on an interview where the manager said "show me" and each time I've been
> able to log onto the DB with any of the following:
>
> sys/change_on_install
> sys/sys
> system/system
> system/manager
>
> Now come on, this was an old V6 thing that we were supposed to do, and we're
> still not!!
>
> Dick Goulet
>
> ____________________Reply Separator____________________
> Author: Ray Stell <stellr_at_stell.cns.vt.edu>
> Date: 7/18/2001 5:15 AM
>
> On Wed, Jul 18, 2001 at 03:45:57AM -0800, Jon Walthour wrote:
> > Listers:
> >
> > My client has asked me to look into this issue and determine if they should
> > be concerned about it or not. Since they don't have any db's directly
> > accessible from the Internet and since their LAN is very secure anyway, I'm
> > inclined to not apply any patches based on the premise that if it isn't a
> > necessary patch, don't apply it in fear of breaking something else. What do
> > you think?
> > --
>
> two words, disgruntled employee
> ===============================================================
> Ray Stell stellr_at_vt.edu (540) 231-4109 KE4TJC 28^D

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jared Still
  INET: jkstill_at_cybcon.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Author: Mohan, Ross
  INET: MohanR_at_STARS-SMI.com

Received on Wed Jul 18 2001 - 10:45:51 CDT
