RE: Oracle8i

[Sean Knox <Sknox () CQOS COM>]

scott/tiger is also a default Oracle8i password I believe.

Sean

-----Original Message-----
From: Jonathan (Listserv Account) [mailto:listsmurf () ur nl]
Sent: Tuesday, July 03, 2001 1:24 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: RE: Oracle8i


> We are in the process of putting out a complete list of Oracle security
> alerts - check out our web site later this week. We have a discussion
> board specifically for Oracle security. We are working on some tools
> that could be useful to you. Let me know if you'd like to beta test.

Count me in for betatesting. Hope I have enough room in a busy schedule when
the time comes, but I am definitely interested.

As far as Oracle security is concerned, a lot of installations still have
the default 'sys/change_on_install' and 'system/manager' enabled because
it's easier (...) if another DBA comes along and needs to work on the
system.

Another commonly used user/password config is 'app_owner/app_owner' where
'app' is the name of the application. The password is the same as the
username (...)

So far I don't like Oracle that much. It is a very complex, hard to audit
piece of software. Because of that complexitity, it seems hard to patch as
well. And the company behind it is not as fast responding and open as I
would want it to be.

Cya
Jonathan


----------------------------------------------------------------------------
----------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service
For more information on SecurityFocus' SIA service which automatically
alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/