Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: getting users passwords in plain text

RE: getting users passwords in plain text

From: Elliott, Patrick <patrick.elliott_at_medtronic.com>
Date: Tue, 16 Oct 2007 09:06:42 -0500
Message-ID: <3B8B6A1700202C43A89D61CE495C894E0C03A555D9@MSPM1BMSGM103.ent.core.medtronic.com> 






The only way I know of is in 9i and lower, and then only if there is a database link.  The SYS.LINK$ table contains clear text passwords for database links to a remote database.  Otherwise you could get a copy of the official scrabble password dictionary OSPD and write a pl/sql package to hack the passwords.  If the passwords are strong ones, then this will be really difficult.  If the users are entering their own passwords and you are not enforcing strong passwords, then you might try just the usernames as passwords and see what you get.  Try the following in sqlplus:



set pages 0


set head off


set feed off


spool password_check.sql


select 'connect '||username||'/'||username
  from dba_users;


spool off


set feed on


spool password_check.log


@password_check.sql


spool off



Then look for any "Connected" messages.



This was a problem for us until we implemented strong password restrictions in our databases.  The above won't work if you are also.



You might try mixing up the password a bit also, like adding numbers to the end, or changing some of the letters to numbers.



Pat






From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Vincent verpoort
Sent: Tuesday, October 16, 2007 8:14 AM


To: Oracle-L Freelists


Subject: getting users passwords in plain text



Hi Experts,



I have a question that's a bit unethical.



For a company i'm working for i need to find out what the passwords are of oracle users. As changing them means a lot of work for allot of poeple.



Is there anyway i can clear text the password from dba database, i have sysdba and all privs.



any points would be nice also i want to put this into script so if anyone has something ?


--
                           Vincent Verpoort

  ,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_
              Communiceren is begrepen worden


^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-.




___________________________________________________________________________________________________
CONFIDENTIALITY AND PRIVACY NOTICE
Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records.

To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: http://emaildisclaimer.medtronic.com
--
http://www.freelists.org/webpage/oracle-l


Received on Tue Oct 16 2007 - 09:06:42 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US