[52195] in SAPr3-news
Security review your database for default accounts with known passwords
daemon@ATHENA.MIT.EDU (Pete Finnigan)
Wed Nov 10 07:37:26 2004
To: sapr3-news@mit.edu
Date: Wed, 10 Nov 2004 11:33:46 +0000
From: Pete Finnigan <plsql@petefinnigan.com>
Message-ID: <0h0tAdCayfkBRxCg@peterfinnigan.demon.co.uk>
Hi,
I have just added a new free tool to my web site that will test your
database for known default users and more importantly for known default
passwords. The tool is a set of PL/SQL scripts that loads a list of 474
known default users to a table. A package procedure is then used to loop
through all of the databases users to test if they are default and have
known passwords.
The list of passwords and users is supplied in a spreadsheet that
includes details of what most of the users are used for as well as a
severity rating for them. This is probably the biggest list of default
users available on the net.
The scripts were written by Marcel-Jan Krijgsman and are available from
http://www.petefinnigan.com/default/default_password_checker.htm
Kind regards
Pete
--
Pete Finnigan (email:pete@petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
