Pages

Tuesday, December 13, 2011

Default Password in Oracle


Here is a sample session of running these scripts to show you how the tools work. The test was run against a 9.2.0.1 database on Windows XP.
Connected to:
Personal Oracle9i Release 9.2.0.1.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.1.0 - Production

SQL> @\petefinnigan.com\password\marcel-jan\osp_exec.sql
*********************************************
*                                           *
*  Welcome to the Oracle Security Probe     *
*                                           *
*********************************************

Connectstring (destination database): sans
Password of oraprobe?: ********
Connected.
Oracle accounts with default passwords
======================================

Username: SYS
Password: CHANGE_ON_INSTALL
-----------------------------------------------
WARNING! The password of SYS is a default password. 
It is well known to hackers

Additional information:
SYS is Oracle's most powerful database management account. 
It allows to read,change and destroy all data in your database.


Username: SYSTEM
Password: MANAGER
-----------------------------------------------
WARNING! The password of SYSTEM is a default password. 
It is well known to hackers

Additional information:
SYSTEM is Oracle's database management account. 
It allows to read, change and destroy all data in your database.


Username: SCOTT
Password: TIGER
-----------------------------------------------
WARNING! The password of SCOTT is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: DBSNMP
Password: DBSNMP
-----------------------------------------------
WARNING! The password of DBSNMP is a default password. 
It is well known to hackers

Additional information:
DBSNMP is an account for the Oracle Intelligent Agent. 
Under certain circumstances it allows to read passwords from memory.


Username: QS_ES
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED(TIMED)
-----------------------------------------------
WARNING! The password of QS_ES is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: WMSYS
Password: WMSYS
Status: LOCKED
-----------------------------------------------
WARNING! The password of WMSYS is a default password. 
It is well known to hackers

Additional information:



Username: ORDSYS
Password: ORDSYS
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ORDSYS is a default password. 
It is well known to hackers

Additional information:
The account ORDSYS (Oracle Time Series) has a limited number of 
risky system privileges, amongst which those to use external 
libraries and run code on the operating system.


Username: ORDPLUGINS
Password: ORDPLUGINS
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ORDPLUGINS is a default password. 
It is well known to hackers

Additional information:
ORDPLUGINS is an administrative account for Oracle Time Series.


Username: MDSYS
Password: MDSYS
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of MDSYS is a default password. 
It is well known to hackers

Additional information:
The account MDSYS (Oracle Spatial administrator) has DBA-like 
privileges, which allow to read, change and destroy all data 
in your database.


Username: CTXSYS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of CTXSYS is a default password. 
It is well known to hackers

Additional information:
CTXSYS (Oracle Text/Intermedia Text/Context option) is 
an account with DBA privileges and therefor allows to read, 
change and destroy all data in your database.


Username: XDB
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of XDB is a default password. 
It is well known to hackers

Additional information:



Username: WKSYS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of WKSYS is a default password. 
It is well known to hackers

Additional information:
WKSYS is an administrative account of Oracle9iAS Ultrasearch.


Username: WKPROXY
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of WKPROXY is a default password. 
It is well known to hackers

Additional information:
WKPROXY is an administrative account of Oracle9iAS Ultrasearch.


Username: ODM
Password: ODM
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ODM is a default password. 
It is well known to hackers

Additional information:



Username: ODM_MTR
Password: 
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of ODM_MTR is a default password. 
It is well known to hackers

Additional information:



Username: OLAPSYS
Password: MANAGER
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of OLAPSYS is a default password. 
It is well known to hackers

Additional information:
OLAPSYS is an administrative account for the OLAP Services option.


Username: RMAN
Password: RMAN
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of RMAN is a default password. 
It is well known to hackers

Additional information:
RMAN is an account for the Oracle Recovery Manager. 
This account might be misused to write unwanted changes 
to the database to the backups.


Username: QS_CS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_CS is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: QS_CB
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_CB is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: QS_CBADM
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_CBADM is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: QS_OS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_OS is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: HR
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of HR is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: OE
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of OE is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: PM
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of PM is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: SH
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of SH is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: QS_ADM
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_ADM is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: QS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


Username: QS_WS
Password: CHANGE_ON_INSTALL
Status: EXPIRED & LOCKED
-----------------------------------------------
WARNING! The password of QS_WS is a default password. 
It is well known to hackers

Additional information:
This is a training account. It should not be available 
in a production environment.


SQL> 

No comments:

Post a Comment