Re: Pete Finnigan's Oracle database password checker
From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Mon, 13 Oct 2008 10:12:30 +0100
Message-ID: <48F310FE.3020504@petefinnigan.com>
>
>
> ran for four hours on a old, slowaris devel machine.
>
> It reports the following.
>
> T Username Password CR FL STA
> =======================================================
> R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
>
> GE for GLOBAL/EXTERNAL
> CR for cracked passwords
> OP means Openo
>
> what are the implications of this. I don't know if I
> should alter the role or not.
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
Date: Mon, 13 Oct 2008 10:12:30 +0100
Message-ID: <48F310FE.3020504@petefinnigan.com>
Hi Ray,
It means that none of your passwords are weak (Importantly though: only to the rules of the PL/SQL cracker, i.e. username=password, dictionary word, default password and password <= 4 characters are checked though, you need to use a stronger cracker written in C to test longer passwords and huge dictionaries). The one result you got is for a default role and the password is global so its not weak.
cheers
Pete
Ray Stell wrote:
> On Tue, Oct 07, 2008 at 02:41:19PM +0200, Andre van Winssen wrote:
>> Pete Finnigan released v2 of his oracle database password checker written in >> plsql.
>
>
> ran for four hours on a old, slowaris devel machine.
>
> It reports the following.
>
> T Username Password CR FL STA
> =======================================================
> R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP
>
> GE for GLOBAL/EXTERNAL
> CR for cracked passwords
> OP means Openo
>
> what are the implications of this. I don't know if I
> should alter the role or not.
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- Pete Finnigan Principal Consultant PeteFinnigan.com Limited Registered in England and Wales Company No: 4664901 Specialists in database security. If you need help to audit or secure an Oracle database, please ask for details of our courses and consulting services Phone: 0044 (0)1904 791188 Fax : 0044 (0)1904 791188 Mob : 0044 (0)7742 114223 email: pete_at_petefinnigan.com site : http://www.petefinnigan.com Please note that this email communication is intended only for the addressee and may contain confidential or privileged information. The contents of this email may be circulated internally within your organisation only and may not be communicated to third parties without the prior written permission of PeteFinnigan.com Limited. This email is not intended nor should it be taken to create any legal relations, contractual or otherwise. -- http://www.freelists.org/webpage/oracle-lReceived on Mon Oct 13 2008 - 04:12:30 CDT