Penetration Testing mailing list archives
RE: Oracle8i
From: "Larimer, Jon (ISSAtlanta)" <JLarimer () iss net>
Date: Thu, 5 Jul 2001 12:13:09 -0400
Check out the default password list at http://www.phenoelit.de/dpl/. It lists over 20 default accounts for Oracle. -jon ===================================================================== Jon Larimer | Direct Dial: (404) 236-2843 Systems Engineer / ISS X-Force Team | ISS Front Desk: (404) 236-2600 Internet Security Systems, Inc. | =====================================================================
-----Original Message----- From: Sean Knox [mailto:Sknox () CQOS COM] Sent: Tuesday, July 03, 2001 2:26 PM To: 'Jonathan (Listserv Account)'; PEN-TEST () securityfocus com Subject: RE: Oracle8i scott/tiger is also a default Oracle8i password I believe. Sean -----Original Message----- From: Jonathan (Listserv Account) [mailto:listsmurf () ur nl] Sent: Tuesday, July 03, 2001 1:24 AM To: PEN-TEST () SECURITYFOCUS COM Subject: RE: Oracle8iWe are in the process of putting out a complete list ofOracle securityalerts - check out our web site later this week. We have adiscussionboard specifically for Oracle security. We are working on some tools that could be useful to you. Let me know if you'd like to beta test.Count me in for betatesting. Hope I have enough room in a busy schedule when the time comes, but I am definitely interested. As far as Oracle security is concerned, a lot of installations still have the default 'sys/change_on_install' and 'system/manager' enabled because it's easier (...) if another DBA comes along and needs to work on the system. Another commonly used user/password config is 'app_owner/app_owner' where 'app' is the name of the application. The password is the same as the username (...) So far I don't like Oracle that much. It is a very complex, hard to audit piece of software. Because of that complexitity, it seems hard to patch as well. And the company behind it is not as fast responding and open as I would want it to be. Cya Jonathan -------------------------------------------------------------- -------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Oracle8i INA (V. Brahmanandam) (Jul 01)
- RE: Oracle8i Andrew van der Stock (Jul 02)
- RE: Oracle8i Jonathan Rickman (Jul 03)
- RE: Oracle8i Aaron C. Newman (Jul 02)
- RE: Oracle8i Jonathan (Listserv Account) (Jul 03)
- <Possible follow-ups>
- RE: Oracle8i Sean Knox (Jul 05)
- Re: Oracle8i Nicolas Gregoire (Jul 05)
- RE: Oracle8i Larimer, Jon (ISSAtlanta) (Jul 05)
- Oracle8i pfinn999 (Jul 17)
- RE: Oracle8i Andrew van der Stock (Jul 02)