Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: review your database for default accounts with known passwords

Re: review your database for default accounts with known passwords

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Wed, 10 Nov 2004 16:33:14 +0000
Message-ID: <iaQYOgAKLkkBBxyy@peterfinnigan.demon.co.uk> 





Great, glad it was of use to you.



kind regards



Pete



In article <20041110154532.74997.qmail_at_web51509.mail.yahoo.com>, Sriram
Ramachandran <sriram_kr_2000_at_yahoo.com> writes


>Pete,

>     I installed and ran the tool on my test system

>and it works great!!. We are running an apps 11i

>environment and it helped me to fix some default

>passwords.

>

>Thank you very much,

>Sriram

>

>--- Pete Finnigan

><oracle_list_at_peterfinnigan.demon.co.uk> wrote:

>

>> Hi,

>> 

>> I have just added a new tool to my web site that

>> will test your database

>> for known default users and more importantly for

>> known default

>> passwords. The tool is a set of PL/SQL scripts that

>> loads a list of 474

>> known default users to a table. A package procedure

>> is then used to loop

>> through all of the databases users to test if they

>> are default and have

>> known passwords. 

>> 

>> The list of passwords and users is supplied in a

>> spreadsheet that

>> includes details of what most of the users are used

>> for as well as a

>> severity rating for them. This is probably the

>> biggest list of default

>> users available on the net.

>> 

>> The scripts were written by Marcel-Jan Krijgsman and

>> are available from

>>

>http://www.petefinnigan.com/default/default_password_checker.htm

>> 

>> Kind regards

>> 

>> Pete

>> -- 

>> Pete Finnigan (email:pete_at_petefinnigan.com)

>> Web site: http://www.petefinnigan.com - Oracle

>> security audit specialists

>> Oracle security blog:

>>

>http://www.petefinnigan.com/weblog/entries/index.html

>> Book:Oracle security step-by-step Guide - see

>> http://store.sans.org for details.

>> 

>> --

>> http://www.freelists.org/webpage/oracle-l

>> 

>

>

>__________________________________________________

>Do You Yahoo!?

>Tired of spam?  Yahoo! Mail has the best spam protection around 

>http://mail.yahoo.com 



-- 
Pete Finnigan (email:pete_at_petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

--
http://www.freelists.org/webpage/oracle-l


Received on Wed Nov 10 2004 - 10:32:24 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US