Check out the default password list at http://www.phenoelit.de/dpl/. It lists over 20 default accounts for Oracle. -jon ===================================================================== Jon Larimer | Direct Dial: (404) 236-2843 Systems Engineer / ISS X-Force Team | ISS Front Desk: (404) 236-2600 Internet Security Systems, Inc. | ===================================================================== > -----Original Message----- > From: Sean Knox [mailto:Sknoxat_private] > Sent: Tuesday, July 03, 2001 2:26 PM > To: 'Jonathan (Listserv Account)'; PEN-TESTat_private > Subject: RE: Oracle8i > > > scott/tiger is also a default Oracle8i password I believe. > > Sean > > -----Original Message----- > From: Jonathan (Listserv Account) [mailto:listsmurfat_private] > Sent: Tuesday, July 03, 2001 1:24 AM > To: PEN-TESTat_private > Subject: RE: Oracle8i > > > > We are in the process of putting out a complete list of > Oracle security > > alerts - check out our web site later this week. We have a > discussion > > board specifically for Oracle security. We are working on some tools > > that could be useful to you. Let me know if you'd like to beta test. > > Count me in for betatesting. Hope I have enough room in a > busy schedule when > the time comes, but I am definitely interested. > > As far as Oracle security is concerned, a lot of > installations still have > the default 'sys/change_on_install' and 'system/manager' > enabled because > it's easier (...) if another DBA comes along and needs to work on the > system. > > Another commonly used user/password config is > 'app_owner/app_owner' where > 'app' is the name of the application. The password is the same as the > username (...) > > So far I don't like Oracle that much. It is a very complex, > hard to audit > piece of software. Because of that complexitity, it seems > hard to patch as > well. And the company behind it is not as fast responding and > open as I > would want it to be. > > Cya > Jonathan > > > -------------------------------------------------------------- > -------------- > ---------- > > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) > Service > For more information on SecurityFocus' SIA service which automatically > alerts you to > the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 13:53:39 PDT