Hi All
I have been looking into the default accounts that can be created during a standard installation of Oracle8i 8.1.5 for linux and for windows NT. There are a number of accounts created by default and a lot more that can be created by running various installtion / example scripts in the oracle installation directories. I have created a simple page of HTML pasted below with a table of linux, and winNT users/passwords, key privileges and identified the users created as standard.
cheers
Pete Finnigan
PenTest Limited
Manchester UK.
Here is the HTML
==CUT======================================================================
<HTML>
<BODY>
<DIV ALIGN=LEFT>
<H3>Investigation of Default Oracle Accounts</H3></DIV>
<P>
I have investigated standard installations of the Oracle 8i <I>RDBMS</I> on both
Linux and Windows NT for version <I>8.1.5</I> and have found the following possible
default accounts and password's that could be installed. I have installed the
standard <I>RDBMS</I> and development tools. This gives us 9 default accounts under
Linux and 12 under Windows NT.
<P>
The Windows NT installation is more dangerous as it provides a <I>DBA</I> account
with the user CTXSYS and also the user MDSYS has "ALL PRIVILEGES WITH ADMIN" granted.
Having "ALL PRIVILEGES" is as good as having <I>dba</I> privileges. None of the Linux
default users is as dangerous as this, except of course SYS and SYSTEM if the passwords
have been left set to the defaults.
<P>
There are 52 default users for Linux and 57 for Windows NT. You are never going to
see all of these users in one database unless someone is experimenting but its
going to be possible to see some of them. I found out these users by searching all
of the SQL files provided by Oracle in the standard installation.
<P>
Remember it's the data in the actual database that should be protected, and most
often it's not. Its not necessary to get SYS, SYSTEM or even a DBA to get at user
data in an Oracle database. A user such as DBSNMP or OUTLN can access a list of
users in the database. The actual user information is stored in a database table
called <TT>USER$</TT> owned by the user SYS. Unless you are very lucky and someone
has inadvertently granted access to this table you will not be able to see it unless
you are logged on as SYS. There is also a view <TT>DBA_USERS</TT> that accesses this
SYS table. Access is granted to select from this view to users who are DBA, or who
have been granted permission to select any view. All is not lost though as any user
who has the minimum permissions such as DBSNMP can access another view called <TT>ALL_USERS</TT>.
This view doesn't let you see the password hash, but does let you get a list of all
of the database users. If you can get a users password and quite often they are
set to USER_NAME/USER_NAME then you can probably access the production schema and
certainly do SQL Injection on the application. Using one of the innocent users such
as DBSNMP or OUTLN you can glean a lot of information about a database, and who uses it.
<P>
Also for both Linux and Windows NT installations the <TT>internal</TT> users default
password is set to <TT>oracle</TT>. This user name is used to connect effectivley as
SYS without having the SYS password.
<P>
Here is a table listing all of the default users and passwords i could find for both
Operating Systems. The usernames / passwords colored in Orange are the ones installed
from a standard installation.
<BR>
<BR>
<CENTER>
<TABLE BORDER=1 CELLPADDING=0 CELLSPACING=0>
<TR STYLE='background:silver'><TD width=220>WINDOWS NT</TD><TD width=220>LINUX</TD><TD width=220>PRIVILEGES</TD></TR>
<TR><TD width=220>ADAMS/WOOD</TD><TD width=220 BGCOLOR=ORANGE>ADAMS/WOOD</TD><TD width=220>.</TD></TR>
<TR><TD width=220>AQDEMO/AQDEMO</TD><TD width=220>AQDEMO/AQDEMO</TD><TD width=220>.</TD></TR>
<TR><TD width=220>AQUSER/AQUSER</TD><TD width=220>AQUSER/AQUSER</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>AURORA$ORB$UNAUTHENTICATED/INVALID</TD><TD width=220>AURORA$ORB$UNAUTHENTICATED/INVALID</TD><TD width=220>.</TD></TR>
<TR><TD width=220>BLAKE/PAPER</TD><TD width=220 BGCOLOR=ORANGE>BLAKE/PAPER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CATALOG/CATALOG</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CDEMO82/CDEMO82</TD><TD width=220>CDEMO82/CDEMO82</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CDEMOCOR/CDEMOCOR</TD><TD width=220>CDEMOCOR/CDEMOCOR</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CDEMOUCB/CDEMOUCB</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>.</TD><TD width=220>CDEMORID/CDEMORID</TD><TD width=220>.</TD></TR>
<TR><TD width=220>CLARK/CLOTH</TD><TD width=220 BGCOLOR=ORANGE>CLARK/CLOTH</TD><TD width=220>.</TD></TR>
<TR><TD width=220>COMPANY/COMPANY</TD><TD width=220>COMPANY/COMPANY</TD><TD width=220>All Privileges</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>CTXSYS/CTXSYS</TD><TD width=220>CTXSYS/<PASSED IN></TD><TD width=220>DBA</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>DBSNMP/DBSNMP</TD><TD width=220 BGCOLOR=ORANGE>DBSNMP/DBSNMP</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>DEMO/DEMO</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>DEMO8/DEMO8</TD><TD width=220>DEMO8/DEMO8</TD><TD width=220>.</TD></TR>
<TR><TD width=220>EMP/EMP</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>EVENT/EVENT</TD><TD width=220>EVENT/EVENT</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>FINANCE/FINANCE</TD><TD width=220>FINANCE/FINANCE</TD><TD width=220>All Privileges</TD></TR>
<TR><TD width=220>FND/FND</TD><TD width=220>FND/FND</TD><TD width=220>.</TD></TR>
<TR><TD width=220>GPFD/GPFD</TD><TD width=220>GPFD/GPFD</TD><TD width=220>.</TD></TR>
<TR><TD width=220>GPLD/GPLD</TD><TD width=220>GPLD/GPLD</TD><TD width=220>.</TD></TR>
<TR><TD width=220>JONES/STEEL</TD><TD width=220 BGCOLOR=ORANGE>JONES/STEEL</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>MDSYS/MDSYS</TD><TD width=220>MDSYS/MDSYS</TD><TD width=220>All Privileges with Admin</TD></TR>
<TR><TD width=220>MFG/MFG</TD><TD width=220>MFG/MFG</TD><TD width=220>All Privileges</TD></TR>
<TR><TD width=220>MILLER/MILLER</TD><TD width=220>MILLER/MILLER</TD><TD width=220. </TD></TR>
<TR><TD width=220>MMO2/MMO2</TD><TD width=220>MMO2/MMO2</TD><TD width=220>.</TD></TR>
<TR><TD width=220>.</TD><TD width=220>MODTEST/YES</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>MOREAU/MOREAU</TD><TD width=220>MOREAU/MOREAU</TD><TD width=220>.</TD></TR>
<TR><TD width=220>.</TD><TD width=220>NAMES/NAMES</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>MTSSYS/MTSSYS</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>OCITEST/OCITEST</TD><TD width=220>OCITEST/OCITEST</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>ORDPLUGINS/ORDPLUGINS</TD><TD width=220>ORDPLUGINS/ORDPLUGINS</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>ORDSYS/ORDSYS</TD><TD width=220>ORDSYS/ORDSYS</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>OUTLN/OUTLN</TD><TD width=220 BGCOLOR=ORANGE>OUTLN/OUTLN</TD><TD width=220>.</TD></TR>
<TR><TD width=220>PO/PO</TD><TD width=220>PO/PO</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>POWERCARTUSER/POWERCARTUSER</TD><TD width=220>POWERCARTUSER/POWERCARTUSER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>PRIMARY/PRIMARY</TD><TD width=220>PRIMARY/PRIMARY</TD><TD width=220>.</TD></TR>
<TR><TD width=220>PUBSUB/PUBSUB</TD><TD width=220>PUBSUB/PUBSUB</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>RE/RE</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>RMAIL/RMAIL</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>SAMPLE/SAMPLE</TD><TD width=220>.</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>SCOTT/TIGER</TD><TD width=220 BGCOLOR=ORANGE>SCOTT/TIGER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>SECDEMO/SECDEMO</TD><TD width=220>SECDEMO/SECDEMO</TD><TD width=220>.</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>SYS/CHANGE_ON_INSTALL</TD><TD width=220 BGCOLOR=ORANGE>SYS/CHANGE_ON_INSTALL</TD><TD width=220>SUPERUSER DBA</TD></TR>
<TR><TD width=220 BGCOLOR=ORANGE>SYSTEM/MANAGER</TD><TD width=220 BGCOLOR=ORANGE>SYSTEM/MANAGER</TD><TD width=220>DBA</TD></TR>
<TR><TD width=220>TRACESVR/TRACE</TD><TD width=220>.</TD><TD width=220>.</TD></TR>
<TR><TD width=220>TSDEV/TSDEV</TD><TD width=220>TSDEV/TSDEV</TD><TD width=220>.</TD></TR>
<TR><TD width=220>TSUSER/TSUSER</TD><TD width=220>TSUSER/TSUSER</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER0/USER0</TD><TD width=220>USER0/USER0</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER1/USER1</TD><TD width=220>USER1/USER1</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER2/USER2</TD><TD width=220>USER2/USER2</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER3/USER3</TD><TD width=220>USER3/USER3</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER4/USER4</TD><TD width=220>USER4/USER4</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER5/USER5</TD><TD width=220>USER5/USER5</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER6/USER6</TD><TD width=220>USER6/USER6</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER7/USER7</TD><TD width=220>USER7/USER7</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER8/USER8</TD><TD width=220>USER8/USER8</TD><TD width=220>.</TD></TR>
<TR><TD width=220>USER9/USER9</TD><TD width=220>USER9/USER9</TD><TD width=220>.</TD></TR>
<TR><TD width=220>VRR1/VRR1</TD><TD width=220>VRR1/VRR1</TD><TD width=220>DBA</TD></TR>
</TABLE>
</CENTER>
</BODY>
</HTML>
=CUT=======================================================================
__________________________________________________________________
Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/
Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 06:54:50 PDT