Hi All Recently i posted a note to this list about a document about Oracle security that i wrote and its had quite a lot of feedback so i thought people on this list might be interested in a new paper i have created on all of the Oracle default users and passwords that i could find. There are now 109 on the list. I still have some more area's to investigate so there should be more to come. The list is a table of usernames, passwords and hashes. Also included with the paper is an SQL script that can be run in SQL*Plus to check if any of the default users exist in the Oracle database and if the passwords are still set to the default value. I also intend this table to be a central list for Oracle default Users and their defaults passwords. So please if anyone comes across any usernames / passwords that i have not listed then please let me know. The list and script is available at http://www.pentest- limited.com/default-user.htm. I would like to acknowledge Aaron Newman for letting me update my list with usernames from his list that i did not have and David Litchfield has also provided some names that i will add over the next couple of days. regards Pete -- Pete Finnigan IT Security Consultant PenTest Limited Office 01565 830 990 Fax 01565 830 889 Mobile 07974 087 885 pete.finnigan@pentest-limited.com www.pentest-limited.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Nov 05 2001 - 08:53:36 PST