{"id":162,"date":"2006-04-27T02:54:14","date_gmt":"2006-04-27T02:54:14","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2006\/04\/oracle-releases-a-default-password-scanner\/"},"modified":"2010-06-28T08:49:59","modified_gmt":"2010-06-28T07:49:59","slug":"oracle-releases-a-default-password-scanner","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2006\/04\/oracle-releases-a-default-password-scanner\/","title":{"rendered":"Oracle Releases a Default Password Scanner"},"content":{"rendered":"
<\/p>\n
Oracle is getting serious with security? Again..?<\/p>\n
Oracle Corp. has published a collection of software patches that address security vulnerabilities in a range of the company’s products, including its database and application server software. As part of this update, it also released a tool designed to ferret out commonly used default passwords that theoretically could be misused by hackers.<\/p>\n
Earlier versions of Oracle’s database software included well-known default passwords and user names, for example “scott \/ tiger”. These accounts are also known to have been created by other software, such as application servers, that interact with the database, said Oracle Security Alerts Manager Darius Wiles<\/p><\/blockquote>\n
The ‘scanner’ is actually an SQL script.<\/p>\n
The password scanner is a SQL (Structured Query Language) script that scans the database and then prints out the names of these well-known accounts if they are unlocked, Wiles said. “This tool is designed to catch those instances and then explain to customers the right thing to do to secure their systems.”<\/p><\/blockquote>\n
Source: Computerworld<\/a><\/p>\n
Oracle default passwords have been quite a problem in the past, there is a whole page dedicated to them here<\/a>.<\/p>\n
This page is the home for the Oracle default password list that we have collated. The list can also be thought of as a list of Oracle default password hashes.<\/p><\/blockquote>\n
The full details of the release can be found from Oracle Here (Oracle Critical Patch Update – April 2006)<\/a>.<\/p>\n
Subscribers to MetaLink can find more information on the Default Password Scanner in MetaLink Note 361482.1.<\/p>\n
You can also check out Cain & Abel<\/a> which has Oracle hash specific functions.<\/p>\n
<\/p>\n