Re: Nessus Oracle Password scan plugin
jansen.greg_at_gmail.com wrote:
> I'm running vulnerability scans on Oracle servers using Nessus.
> However, there is no plugin to scan for default or easy to guess
> passwords. Has anyone seen a Nessus plugin that would allow this, or
> have information on writing one that would do the trick?
Haven't heard of such a thing, but the simple solution is to expire all passwords after activating a modified version of Oracle's verify_function in the user profile.
If you modify the function to look at a table containing a dictionary of common words you can pretty much rest assured the vulnerability will be dealt with.
-- Daniel A. Morgan http://www.psoug.org damorgan_at_x.washington.edu (replace x with u to respond)
Received on Fri May 27 2005 - 13:36:29 CDT
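The approach described in the reply above, sketched as an added example that is not part of the original post and not Oracle's shipped verify_function. The table `sys.common_passwords`, the function name `dict_verify_function`, the account `app_user` and the sample rows are assumptions made for illustration; run it as SYS, since a password verify function must be owned by SYS.

```sql
-- Hypothetical dictionary table; words are stored in lower case.
CREATE TABLE sys.common_passwords (
  word VARCHAR2(30) PRIMARY KEY
);

-- Constructed sample rows; load a real word list in practice.
INSERT INTO sys.common_passwords VALUES ('welcome');
INSERT INTO sys.common_passwords VALUES ('password');
INSERT INTO sys.common_passwords VALUES ('oracle');
COMMIT;

-- Signature required by PASSWORD_VERIFY_FUNCTION: three VARCHAR2 in, BOOLEAN out.
CREATE OR REPLACE FUNCTION sys.dict_verify_function (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  hits PLS_INTEGER;
BEGIN
  -- Reject a password equal to the account name.
  IF LOWER(password) = LOWER(username) THEN
    raise_application_error(-20001, 'Password must not match the user name');
  END IF;

  -- Reject dictionary words, also with trailing digits removed (welcome1 -> welcome).
  SELECT COUNT(*) INTO hits
    FROM sys.common_passwords
   WHERE word IN (LOWER(password), RTRIM(LOWER(password), '0123456789'));
  IF hits > 0 THEN
    raise_application_error(-20002, 'Password is too easy to guess');
  END IF;

  RETURN TRUE;
END;
/

-- Activate the function in the profile the accounts use.
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION dict_verify_function;

-- Expire the existing password so the next change goes through the check.
-- APP_USER is a placeholder; repeat for each account.
ALTER USER app_user PASSWORD EXPIRE;
```

The function only runs when a password is set or changed, which is why the reply pairs it with expiring the existing passwords.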