Tag Archives: password

Cryptographic flaws in Oracle Database authentication protocol

Recently a security researcher (Esteban Martinez Fayo) made the world aware of a problem with the O5LOGON Oracle database authentication protocol (used in 11g – 11.1 & 11.2). This problem, known as CVE-2012-3137, makes it relatively simple for attackers to … Continue reading

Posted in Database, Security | Tagged , , , , , , , , , , , , , , , , , , , , , , , | 12 Comments

Oracle RAC – granting SYSDBA or SYSOPER is instance specific

The default location for the password file is $ORACLE_HOME/dbs which in most cases (if you don’t have your ORACLE_HOME on a shared disk) is on a non-shared filesystem. Whenever you grant SYSDBA or SYSOPER to a database user Oracle will … Continue reading

Posted in RAC | Tagged , , , , , , , , , , , , | Leave a comment

Password History – Reusing a password

By setting either one or both the profile limits PASSWORD_REUSE_MAX or PASSWORD_REUSE_TIME are set to anything other than UNLIMITED, Oracle somewhere keeps a history of passwords used by a user. This password history is stored in a table with the … Continue reading

Posted in Database | Tagged , , , , , | 3 Comments

Expired passwords in 11g database using 10g client

When I create a new user/schema in an Oracle database I specify a password and immediately use the PASSWORD EXPIRE clause to expire this one-time-use only password. This way I make sure the user/application who is going to use this … Continue reading

Posted in Database | Tagged , , , , , , | Leave a comment

Password Hashes

Within Oracle databases passwords get hashed. When, for example, you create a new account or change the password of an account, the specified clear-text password gets hashed. This hash value is stored in the database with the account. Once hashed … Continue reading

Posted in Security | Tagged , , , , , , | 7 Comments