Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Oracle

From: bugtraq () ROEGLIN DE (Lars Roeglin)
Date: Mon, 31 Jan 2000 13:57:16 +0100

Hello liberal world,


Some time ago, I had luckily managed to get the DBA's user name and Password
that were used in Oracle based programs and I freely accessed every oracle
programs since then. After several days past, the DBA changed the Oracle
password (of course, this is not surprising!) Probably, he must have taken a
look at some kind of  list showing who has entered which oracle program and
that should
have allowed him to easily discover my unathorized accesses :)


I don't think that the DBA did change his password because he detected
your unauthorized access. As an Administrator you should change your
password frequently (e.g. every 2 weeks), in order to avoid the thing you descibe.
If somebody gets the DBA's password he surely can use it, but it
wouldn't last very long.
Maybe there is a list showing who has used which oracle program, but
if that had been the reason for changing the password, don't you think
he would have told you not to do this again?

Greetings,
        Lars Roeglin

--
Lars Röglin
http://www.pse-online.de
Previous By Date Next
Previous By Thread Next

Current thread: