<\/p>\n
Oracle is getting serious with security? Again..?<\/p>\n
Oracle Corp. has published a collection of software patches that address security vulnerabilities in a range of the company’s products, including its database and application server software. As part of this update, it also released a tool designed to ferret out commonly used default passwords that theoretically could be misused by hackers.<\/p>\n
Earlier versions of Oracle’s database software included well-known default passwords and user names, for example “scott \/ tiger”. These accounts are also known to have been created by other software, such as application servers, that interact with the database, said Oracle Security Alerts Manager Darius Wiles<\/p><\/blockquote>\n
The ‘scanner’ is actually an SQL script.<\/p>\n
The password scanner is a SQL (Structured Query Language) script that scans the database and then prints out the names of these well-known accounts if they are unlocked, Wiles said. “This tool is designed to catch those instances and then explain to customers the right thing to do to secure their systems.”<\/p><\/blockquote>\n
Source: Computerworld<\/a><\/p>\n
Oracle default passwords have been quite a problem in the past, there is a whole page dedicated to them here<\/a>.<\/p>\n
This page is the home for the Oracle default password list that we have collated. The list can also be thought of as a list of Oracle default password hashes.<\/p><\/blockquote>\n
The full details of the release can be found from Oracle Here (Oracle Critical Patch Update – April 2006)<\/a>.<\/p>\n
Subscribers to MetaLink can find more information on the Default Password Scanner in MetaLink Note 361482.1.<\/p>\n
You can also check out Cain & Abel<\/a> which has Oracle hash specific functions.<\/p>\n
<\/p>\n