-----Original Message-----
From: Sean Knox [mailto:Sknox () CQOS COM]
Sent: Tuesday, July 03, 2001 2:26 PM
To: 'Jonathan (Listserv Account)'; PEN-TEST () securityfocus com
Subject: RE: Oracle8i
scott/tiger is also a default Oracle8i password I believe.
Sean
-----Original Message-----
From: Jonathan (Listserv Account) [mailto:listsmurf () ur nl]
Sent: Tuesday, July 03, 2001 1:24 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: RE: Oracle8i
We are in the process of putting out a complete list of
Oracle security
alerts - check out our web site later this week. We have a
discussion
board specifically for Oracle security. We are working on some tools
that could be useful to you. Let me know if you'd like to beta test.
Count me in for betatesting. Hope I have enough room in a
busy schedule when
the time comes, but I am definitely interested.
As far as Oracle security is concerned, a lot of
installations still have
the default 'sys/change_on_install' and 'system/manager'
enabled because
it's easier (...) if another DBA comes along and needs to work on the
system.
Another commonly used user/password config is
'app_owner/app_owner' where
'app' is the name of the application. The password is the same as the
username (...)
So far I don't like Oracle that much. It is a very complex,
hard to audit
piece of software. Because of that complexitity, it seems
hard to patch as
well. And the company behind it is not as fast responding and
open as I
would want it to be.
Cya
Jonathan
--------------------------------------------------------------
--------------
----------
This list is provided by the SecurityFocus Security
Intelligence Alert (SIA)
Service
For more information on SecurityFocus' SIA service which automatically
alerts you to
the latest security vulnerabilities please see:
Intro
