Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: getting users passwords in plain text

RE: getting users passwords in plain text

From: Elliott, Patrick <>
Date: Tue, 16 Oct 2007 09:06:42 -0500
Message-ID: <>

The only way I know of is in 9i and lower, and then only if there is a database link. The SYS.LINK$ table contains clear text passwords for database links to a remote database. Otherwise you could get a copy of the official scrabble password dictionary OSPD and write a pl/sql package to hack the passwords. If the passwords are strong ones, then this will be really difficult. If the users are entering their own passwords and you are not enforcing strong passwords, then you might try just the usernames as passwords and see what you get. Try the following in sqlplus:

set pages 0
set head off
set feed off
spool password_check.sql
select 'connect '||username||'/'||username   from dba_users;
spool off
set feed on
spool password_check.log
spool off

Then look for any "Connected" messages.

This was a problem for us until we implemented strong password restrictions in our databases. The above won't work if you are also.

You might try mixing up the password a bit also, like adding numbers to the end, or changing some of the letters to numbers.


From: [] On Behalf Of Vincent verpoort Sent: Tuesday, October 16, 2007 8:14 AM
To: Oracle-L Freelists
Subject: getting users passwords in plain text

Hi Experts,

I have a question that's a bit unethical.

For a company i'm working for i need to find out what the passwords are of oracle users. As changing them means a lot of work for allot of poeple.

Is there anyway i can clear text the password from dba database, i have sysdba and all privs.

any points would be nice also i want to put this into script so if anyone has something ?

                           Vincent Verpoort

              Communiceren is begrepen worden

___________________________________________________________________________________________________ CONFIDENTIALITY AND PRIVACY NOTICE Information transmitted by this email is proprietary to Medtronic and is intended for use only by the individual or entity to which it is addressed, and may contain information that is private, privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please delete this mail from your records. To view this notice in other languages you can either select the following link or manually copy and paste the link into the address bar of a web browser: --
Received on Tue Oct 16 2007 - 09:06:42 CDT

Original text of this message