RE: Pete Finnigan's Oracle database password checker

From: <John.Hallas_at_morrisonsplc.co.uk>
Date: Wed, 8 Oct 2008 08:06:02 +0100
Message-ID: <OFB72119DB.D5047709-ON802574DC.00270140-802574DC.00270147@morrisonsplc.co.uk>


This is a neat PL/SQL routine which is very easy to customise to your requirements

http://www.pentest.co.uk/cgi-bin/viewcat.cgi?cat=downloads

I downloaded the tool yesterday but I am stil looking for a suitable sandpit environment to test it on



John Hallas
Oracle DBA
Wm Morrison Supermarkets PLC
Mobile: 07876 790540
E-mail: john.hallas_at_morrisonsplc.co.uk

-----oracle-l-bounce_at_freelists.org wrote: -----

To: "Oracle-L Freelists" <oracle-l_at_freelists.org> From: "Bort, Guillermo" <guillermo.bort_at_eds.com> Sent by: oracle-l-bounce_at_freelists.org
Date: 08/10/2008 02:53AM
Subject: RE: Pete Finnigan's Oracle database password checker

It means the role has a password and that it most likely has a weak password.

I run it in a testing environment and got about 15 results, then run it in a production database and got about 90 passwords. I am implementing a password verification function now... any suggestions?

People REALLY need to start being careful about their passwords...

I will work on extending the dictionary to include spanish words... ¬¬


Wm Morrison Supermarkets PLC is registered in England with number 358949. The registered office of the company is situated at Gain Lane, Bradford, West Yorkshire BD3 7DL.

This email and any attachments are intended for the addressee(s) only and may be confidential. If you are not the intended recipient, please inform the sender by replying to the email that you have received in error and then destroy the email. If you are not the intended recipient, you must not use, disclose, copy or rely on the email or its attachments in any way.

Wm Morrison Supermarkets PLC accepts no liability or responsibility for anything said in the email or its attachments and gives no warranty as to accuracy. It is the policy of Wm Morrison Supermarkets PLC not to enter into any contractual or other obligations by email.

Although we have taken steps to ensure the email and its attachments are virus-free, we cannot guarantee this or accept any responsibility, and it is the responsibility of recipients to carry out their own virus checks.


--
http://www.freelists.org/webpage/oracle-l
Received on Wed Oct 08 2008 - 02:06:02 CDT

Original text of this message