Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle Default Users and Security
Pete Finnigan wrote:
>
> Hi all
>
> If anyone is interested i have put together a list of the all default
> Oracle users i can find and their default passwords and hashes 109 so
> far and i still have some areas to look at.
>
> I have found in my recent work on Oracle security audits that a major
> area of concern is the amount of databases where there still exists at
> least one default account where the password is still a default one.
>
> So i have created a table at http://www.pentest-limited.com/default-
> user.htm ( or you can go to the site and its in the technical and white
> papers section ) that has the users and passwords and hashes and a
> simple SQL script generated from this list that can be run as a DBA to
> check if any defaults are still set easily.
>
> regards,
> Pete
> --
> Pete Finnigan
> IT Security Consultant
> PenTest Limited
>
> Office 01565 830 990
> Fax 01565 830 889
> Mobile 07974 087 885
>
> pete.finnigan_at_pentest-limited.com
>
> www.pentest-limited.com
Worthy of note could be the 9i doco - which contains a similar list somewhere in the doco (it also does the nice thing of locking accounts and expiring password - a claim I have not confirmed)
hth
connor
-- ============================== Connor McDonald http://www.oracledba.co.uk "Some days you're the pigeon, some days you're the statue..."Received on Mon Nov 05 2001 - 08:22:57 CST