Well, that's the default password. Is the *hash* the same, though? Someone had mentioned that they thought it was DB-dependant. That can't be, since I can copy a DB, change the name, and fire it up without changing the password.
Rich Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 17, 2002 3:01 PM > To: [EMAIL PROTECTED] > Cc: Jesse, Rich > Subject: RE: password > > > > Does "CHANGE_ON_INSTALL" have the same hash value for every > > version and every instance? > > Yes, it does. > > Check: http://www.pentest-limited.com/default-user.htm > > This is a pentest list of default Oracle passwords. > > I've used this to create a perl script that checks for > default passwords. > > It doesn't matter which version of Oracle. > > Jared > > > > > > > > "Jesse, Rich" <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 12/17/2002 11:03 AM > Please respond to ORACLE-L > > > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > cc: > Subject: RE: password > > > Interesting. Does "CHANGE_ON_INSTALL" have the same hash > value for every > version and every instance? > > Not being much of a hacker (anymore) I would think that with only one > algorithm and several known passwords (you can generate them > yourself), > this > wouldn't be much of a challenge to real hackers. Hell, the client > encrypts > it to send to the server, right? That code could be reverse > engineered, > too. BTW, VMS has many algorithms in play to help prevent > such an attack > on > it's passwords. <plug plug> > > Oh to have the spare time of a 15-year old again... :) > > Rich > > > Rich Jesse System/Database Administrator > [EMAIL PROTECTED] Quad/Tech International, > Sussex, WI > USA -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).