| VID |
25005 |
| Severity |
30 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
When an Oracle database is created, accounts are created in the database for administrative and operational purposes. The default passwords for these accounts are widely known, so it is a substantial security risk to leave the default passwords in place. Accounts with default passwords may exist, depending on the version of Oracle and the options installed.
* References:
http://docs.oracle.com/cd/B10501_01/win.920/a95490/username.htm
http://www.vulnerabilityassessment.co.uk/default_oracle_passwords.htm |
| Recommendation |
Change the user's password to be something other than the default password immediately.
To change the password of a user, you have to log in the Oracle server with the user name using 'sqlplus' command, and execute the command to change password is like this:
alter user "dbsnmp" identified by "secretpwd";
The command as above change the password for user "dbsnmp" as "secretpwd". |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
