RE: Pete Finnigan's Oracle database password checker

From: Bort, Guillermo <guillermo.bort_at_eds.com>
Date: Tue, 7 Oct 2008 20:53:48 -0500
Message-ID: <785A4E1EF4D9E745BAC909B7941BEC0094FB0D@usplm201.amer.corp.eds.com>


It means the role has a password and that it most likely has a weak password.

I ran it in a testing environment and got about 15 results, then ran it in a production database and got about 90 passwords. I am implementing a password verification function now... any suggestions?

People REALLY need to start being careful about their passwords...

I will work on extending the dictionary to include Spanish words...

regards

Guillermo Alan Bort
EDS - ITO DBA Main Group

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Ray Stell
Sent: Tuesday, October 07, 2008 5:07 PM
To: Andre van Winssen
Cc: Oracle-L Freelists
Subject: Re: Pete Finnigan's Oracle database password checker

On Tue, Oct 07, 2008 at 02:41:19PM +0200, Andre van Winssen wrote:
> Pete Finnigan released v2 of his oracle database password checker written in
> plsql.

Ran for four hours on an old, slowaris devel machine.

It reports the following.

T Username Password CR FL STA



R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP

GE for GLOBAL/EXTERNAL
CR for cracked passwords
OP means Openo

What are the implications of this? I don't know if I should alter the role or not.

--
http://www.freelists.org/webpage/oracle-l


Received on Tue Oct 07 2008 - 20:53:48 CDT
