RE: Pete Finnigan's Oracle database password checker

From: Bort, Guillermo <>
Date: Tue, 7 Oct 2008 20:53:48 -0500
Message-ID: <>

It means the role has a password and that it most likely has a weak password.

I run it in a testing environment and got about 15 results, then run it in a production database and got about 90 passwords. I am implementing a password verification function now... any suggestions?

People REALLY need to start being careful about their passwords...

I will work on extending the dictionary to include spanish words...


Guillermo Alan Bort
EDS - ITO DBA Main Group

-----Original Message-----
From: [] On Behalf Of Ray Stell Sent: Tuesday, October 07, 2008 5:07 PM
To: Andre van Winssen
Cc: Oracle-L Freelists
Subject: Re: Pete Finnigan's Oracle database password checker

On Tue, Oct 07, 2008 at 02:41:19PM +0200, Andre van Winssen wrote:
> Pete Finnigan released v2 of his oracle database password checker written in
> plsql.

ran for four hours on a old, slowaris devel machine.

It reports the following.

T Username Password CR FL STA

CR for cracked passwords
OP means Openo

what are the implications of this. I don't know if I should alter the role or not.


Received on Tue Oct 07 2008 - 20:53:48 CDT

Original text of this message