Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: password
Well, that's the default password. Is the *hash* the same, though?
Someone had mentioned that they thought it was DB-dependant. That can't be, since I can copy a DB, change the name, and fire it up without changing the password.
Rich
Rich Jesse System/Database Administrator Rich.Jesse_at_qtiworld.com Quad/Tech International, Sussex, WI USA
> -----Original Message-----
> From: Jared.Still_at_radisys.com [mailto:Jared.Still_at_radisys.com]
> Sent: Tuesday, December 17, 2002 3:01 PM
> To: ORACLE-L_at_fatcity.com
> Cc: Jesse, Rich
> Subject: RE: password
>
>
> > Does "CHANGE_ON_INSTALL" have the same hash value for every
> > version and every instance?
>
> Yes, it does.
>
> Check: http://www.pentest-limited.com/default-user.htm
>
> This is a pentest list of default Oracle passwords.
>
> I've used this to create a perl script that checks for
> default passwords.
>
> It doesn't matter which version of Oracle.
>
> Jared
>
>
>
>
>
>
>
> "Jesse, Rich" <Rich.Jesse_at_qtiworld.com>
> Sent by: root_at_fatcity.com
> 12/17/2002 11:03 AM
> Please respond to ORACLE-L
>
>
> To: Multiple recipients of list ORACLE-L
> <ORACLE-L_at_fatcity.com>
> cc:
> Subject: RE: password
>
>
> Interesting. Does "CHANGE_ON_INSTALL" have the same hash
> value for every
> version and every instance?
>
> Not being much of a hacker (anymore) I would think that with only one
> algorithm and several known passwords (you can generate them
> yourself),
> this
> wouldn't be much of a challenge to real hackers. Hell, the client
> encrypts
> it to send to the server, right? That code could be reverse
> engineered,
> too. BTW, VMS has many algorithms in play to help prevent
> such an attack
> on
> it's passwords. <plug plug>
>
> Oh to have the spare time of a 15-year old again... :)
>
> Rich
>
>
> Rich Jesse System/Database Administrator
> Rich.Jesse_at_qtiworld.com Quad/Tech International,
> Sussex, WI
> USA
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: Rich.Jesse_at_qtiworld.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Dec 17 2002 - 15:30:48 CST
![]() |
![]() |