RE: Pete Finnigan's Oracle database password checker
Date: Tue, 7 Oct 2008 20:53:48 -0500
Message-ID: <785A4E1EF4D9E745BAC909B7941BEC0094FB0D@usplm201.amer.corp.eds.com>
It means the role has a password and that it most likely has a weak password.
I run it in a testing environment and got about 15 results, then run it in a production database and got about 90 passwords. I am implementing a password verification function now... any suggestions?
People REALLY need to start being careful about their passwords...
I will work on extending the dictionary to include spanish words... ¬¬
regards
Guillermo Alan Bort
EDS - ITO DBA Main Group
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Ray Stell
Sent: Tuesday, October 07, 2008 5:07 PM
To: Andre van Winssen
Cc: Oracle-L Freelists
Subject: Re: Pete Finnigan's Oracle database password checker
On Tue, Oct 07, 2008 at 02:41:19PM +0200, Andre van Winssen wrote:
> Pete Finnigan released v2 of his oracle database password checker written in
> plsql.
ran for four hours on a old, slowaris devel machine.
It reports the following.
T Username Password CR FL STA
R "GLOBAL_AQ_USER_ROLE [GL-EX {GLOBAL} ] GE CR OP GE for GLOBAL/EXTERNAL
CR for cracked passwords
OP means Openo
what are the implications of this. I don't know if I should alter the role or not.
-- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Tue Oct 07 2008 - 20:53:48 CDT