Re: Secure oracle password length
Hi
Have a look around your machine for any stray export files that have world read permissions. It's not too difficult usually: open in vi and get the hash, no high level access needed!!
Our company has reported a security alert to Oracle about a certain install leaving stray world readable export files lying around in /tmp.
What about careless backups lying around?
Start to think like a hacker and there are ways to find lists of password hashes.
Have a look at http://www.pentest-limited.com/oracle-security.htm for some more ideas.
Cheers
Pete Finnigan
www.pentest-limited.com
In article <95cd51c.0202182312.4772f5f9_at_posting.google.com>, godmann
<allanwtham_at_yahoo.com> writes
>Hi there,
>
> Mick is right. If someone got hold of your sys password, he can basically
>do anything. What's the point of hacking then? What Howard was pointing out
>was end-users who could be blocked using profile. Now, assume you don't have
>sys password and the profile is set with locking after three attempts, go
>ahead and hack! I bet you won't be able to!
>
>Allan W. Tham
>DBA
--
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager at admin_at_pentest-limited.com
--
Pete Finnigan
IT Security Consultant
PenTest Limited
Office 01565 830 990
Fax 01565 830 889
Mobile 07974 087 885
pete.finnigan_at_pentest-limited.com
www.pentest-limited.com

Received on Thu Feb 21 2002 - 09:42:09 CST
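
A DBA can audit for the exposure described in the post above with a check like the following. It is an added example, not part of the original post: the function names are hypothetical, and it assumes classic `exp` dump files carry the ASCII marker `EXPORT:V` near the start of the file.

```python
import os
import stat

# Assumption: classic `exp` dump files carry the ASCII marker "EXPORT:V"
# near the start of the file; Data Pump files would need a different check.
EXPORT_MARKER = b"EXPORT:V"


def looks_like_export(path, probe=64):
    """Return True if the first bytes contain the assumed exp marker."""
    try:
        with open(path, "rb") as fh:
            return EXPORT_MARKER in fh.read(probe)
    except OSError:
        return False


def find_exposed_exports(root):
    """List (path, mode) for export files under root readable by 'other'."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            if st.st_mode & stat.S_IROTH and looks_like_export(path):
                exposed.append((path, stat.S_IMODE(st.st_mode)))
    return sorted(exposed)


def lock_down(path):
    """Restrict a dump file to owner read/write only (0600)."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    # /tmp is the location named in the post; add backup directories as needed.
    for path, mode in find_exposed_exports("/tmp"):
        print(f"{oct(mode)} {path}")
```

Matching on file content rather than a `.dmp` extension also catches exports that were renamed or written without one.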