Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Nessus Oracle Password scan plugin

Re: Nessus Oracle Password scan plugin

From: DA Morgan <damorgan_at_psoug.org>
Date: Fri, 27 May 2005 11:36:29 -0700
Message-ID: <1117218729.817343@yasure>


jansen.greg_at_gmail.com wrote:
> I'm running vulnerability scans on Oracle servers using Nessus.
> However, there is no plugin to scan for default or easy to guess
> passwords. Has anyone seen a Nessus plugin that would allow this, or
> have information on writing one that would do the trick?

Haven't heard of such a thing but the simple solution is to expire all passwords after activating a modified version of Oracle's verify_function in the user profile.

If you modify the function to look at a table containing a dictionary of common words you can pretty much rest assured the vulnerability will be dealt with.

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)
Received on Fri May 27 2005 - 13:36:29 CDT
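
The approach suggested in the reply above, sketched in PL/SQL as an added example (not code from the original post or from Oracle's utlpwdmg.sql). The table name common_passwords, the function name verify_function_dict, the 8-character minimum and the use of the DEFAULT profile are assumptions.

```sql
-- Added example. Run as SYS: a password verify function must be owned by SYS.
-- common_passwords and verify_function_dict are hypothetical names.
CREATE TABLE sys.common_passwords (
  word VARCHAR2(30) PRIMARY KEY          -- stored lower-case
);

-- Constructed sample rows; load a full wordlist in practice.
INSERT INTO sys.common_passwords VALUES ('welcome');
INSERT INTO sys.common_passwords VALUES ('password');
INSERT INTO sys.common_passwords VALUES ('manager');
INSERT INTO sys.common_passwords VALUES ('change_on_install');
COMMIT;

CREATE OR REPLACE FUNCTION sys.verify_function_dict (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  hits PLS_INTEGER;
BEGIN
  IF LENGTH(password) < 8 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password shorter than 8 characters');
  END IF;
  IF LOWER(password) = LOWER(username) THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password same as user name');
  END IF;
  -- Dictionary check: reject a listed word, or a listed word with
  -- trailing digits appended (welcome1, password2005, ...).
  SELECT COUNT(*) INTO hits
    FROM sys.common_passwords
   WHERE word = LOWER(password)
      OR word = RTRIM(LOWER(password), '0123456789');
  IF hits > 0 THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password is based on a common word');
  END IF;
  RETURN TRUE;
END;
/

-- Activate the function for every user assigned the DEFAULT profile.
ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION verify_function_dict;

-- The function runs only when a password is set, so expire existing ones.
BEGIN
  FOR u IN (SELECT username FROM dba_users
             WHERE account_status = 'OPEN' AND username <> 'SYS') LOOP  -- skipping SYS is a choice made here
    EXECUTE IMMEDIATE 'ALTER USER "' || u.username || '" PASSWORD EXPIRE';
  END LOOP;
END;
/
```

Expired accounts are prompted for a new password at next interactive login, so application and batch accounts that cannot answer the prompt need their passwords changed by hand before the expiry loop is run.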
