Repscan 2.12 - Database Assessment Report
Repscan Report Created: Wed Aug 27 19:28:04 2008

Scanned databases

Database Name Signature Result
ora8174 signatures/ora8174_sig.csv failed
ora9208 signatures/ora9208_sig.csv passed
orainfra signatures/orainfra_sig.csv failed
orases signatures/orases_sig.csv passed
ora102 signatures/ora102_sig.csv failed

Modified items in ora8174

Modification type Owner Type Name new MD5-checksum
PUBLIC PUBLIC SYNONYM ALEXSYN 7c9e91bd9dc049a222efe74d60b230de
SYSTEM SYSTEM SYNONYM ALEXSYN 7c9e91bd9dc049a222efe74d60b230de
SYSTEM SYSTEM VIEW ALEX 2e1a9668418527adfd557366a0059909
SYSTEM SYSTEM VIEW ALEX22 2e1a9668418527adfd557366a0059909

The following rules violations in ora8174 are found:

Test Priority Handle Description
Default Directory object NGSSDBCHK_DIR [C:\oracle\ora81/inventory/ContentsXML] in use Medium CONF011 The default directory object NGSSDBCHK_DIR (NGSSoftware Ltd.) exists. This directory is sometimes not deleted during a security scan by NGS Squirrel. This could be a security problem. Remove the directory if not needed. Solution: DROP DIRECTORY NGSSDBCHK_DIR
Unlimited Sessions in Default Profile Medium CONF029 Every user can create an unlimited number of database sessions. This could cause a D.o.S. problem
Unlimited Failed Login Attempts in Default Profile Medium CONF030 Every user can try an unlimited number of database logins. Solution: ALTER PROFILE [profile_name] LIMIT FAILED_LOGIN_ATTEMPTS [new_value]
No Password Lock Time in Default Profile Medium CONF031 There is no password lock time. Solution: ALTER PROFILE [profile_name] LIMIT PASSWORD_LOCK_TIME UNLIMITED
Connect Role-Create View Medium CONF038 The CONNECT role contains the CREATE VIEW privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE VIEW FROM "CONNECT"
Connect Role-Create Table Medium CONF039 The CONNECT role contains the CREATE TABLE privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE TABLE FROM "CONNECT"
Connect Role-Create Synonym Medium CONF040 The CONNECT role contains the CREATE SYNONYM privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE SYNONYM FROM "CONNECT"
Connect Role-Create Database Link Medium CONF042 The CONNECT role contains the CREATE DATABASE LINK privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE DATABASE LINK FROM "CONNECT"
Connect Role-Alter Session Medium CONF043 The CONNECT role contains the ALTER SESSION privilege. A user could use this privilege to dump sensitive information like password literals. Solution: REVOKE ALTER SESSION FROM CONNECT
REMOTE_LOGIN_PASSWORDFILE IS set to [EXCLUSIVE] Medium CONF046 The init.ora parameter REMOTE_LOGIN_PASSWORDFILE is not set to NONE. This feature allows remote logins as SYSDBA. SYSDBA cannot be locked and can be used for brute-force attacks
O7_DICTIONARY_ACCESSIBILITY IS TRUE [TRUE] Medium CONF050 The init.ora parameter O7_DICTIONARY_ACCESSIBILITY is set to TRUE. This feature allows users with SELECT ANY TABLE to access all SYS objects. Solution: ALTER SYSTEM SET O7_DICTIONARY_ACCESSIBILITY=FALSE scope=spfile
DBMS_SQL granted to PUBLIC High CONF066 The default package DBMS_SQL is granted to PUBLIC. This package is often used for privilege escalation. Solution: REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC
DBMS_RANDOM granted to PUBLIC Medium CONF078 The default package DBMS_RANDOM is granted to PUBLIC. This package allows users to create random numbers. Solution: REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC
DBMS_LOB granted to PUBLIC Medium CONF100 The default package DBMS_LOB is granted to PUBLIC. This package allows users to read files. Solution: REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC
UTL_TCP granted to PUBLIC High CONF118 The default package UTL_TCP is granted to PUBLIC. This package allows TCP connections to other computers. Solution: REVOKE EXECUTE ON UTL_TCP FROM PUBLIC
UTL_HTTP granted to PUBLIC Medium CONF127 The default package UTL_HTTP is granted to PUBLIC. This package allows users to send HTTP requests. Solution: REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC
UTL_SMTP granted to PUBLIC Medium CONF131 The default package UTL_SMTP is granted to PUBLIC. This package allows users to send emails via SMTP. Solution: REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC
UTL_INADDR granted to PUBLIC Medium CONF134 The default package UTL_INADDR is granted to PUBLIC. This package allows users to retrieve host names and IP addresses from local and remote hosts. Solution: REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC
dblink_encrypt_login=[FALSE] Medium CONF200 dblink_encrypt_login is set to unlimited. Solution: alter system set dblink_encrypt_login=TRUE
MD is vulnerable to privilege escalation Critical VULN054 MDSYS.MD (8i) is vulnerable to SQL Injection. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2005-3439] [CVSS10.0]
DBMS_REPCAT_FLA is vulnerable Critical VULN072 SYS.DBMS_REPCAT_FLA (8i) is vulnerable to SQL Injection. Solution: Apply the latest Oracle Critical Patch Update
Rootkit Critical BACKD0077 The number of SYSDBA users differs between v$pwfile_users and sys.user$. This could be an indication of a SYSDBA rootkit
CTXSYS has a default password Critical DEFPW819 Default password of unlocked user CTXSYS detected. Solution: alter user CTXSYS identified by newpw;
DBSNMP has a default password Critical DEFPW832 Default password of unlocked user DBSNMP detected. Solution: alter user DBSNMP identified by newpw;
ORDPLUGINS has a default password Critical DEFPW1097 Default password of unlocked user ORDPLUGINS detected. Solution: alter user ORDPLUGINS identified by newpw;
ORDSYS has a default password Critical DEFPW1098 Default password of unlocked user ORDSYS detected. Solution: alter user ORDSYS identified by newpw;
OUTLN has a default password Critical DEFPW1101 Default password of unlocked user OUTLN detected. Solution: alter user OUTLN identified by newpw;
SYS has a default password Critical DEFPW1297 Default password of unlocked user SYS detected. Solution: alter user SYS identified by newpw;

The following weak passwords in database ora8174 are found:

User name Password Status Type
CTXSYS *** WEAK *** Open DB
DBSNMP *** WEAK *** Open DB
ORDPLUGINS *** WEAK *** Open DB
ORDSYS *** WEAK *** Open DB
OUTLN *** WEAK *** Open DB


The following rules violations in ora9208 are found:

Test Priority Handle Description
Unlimited Sessions in Default Profile Medium CONF029 Every user can create an unlimited number of database sessions. This could cause a D.o.S. problem
Unlimited Failed Login Attempts in Default Profile Medium CONF030 Every user can try an unlimited number of database logins. Solution: ALTER PROFILE [profile_name] LIMIT FAILED_LOGIN_ATTEMPTS [new_value]
No Password Lock Time in Default Profile Medium CONF031 There is no password lock time. Solution: ALTER PROFILE [profile_name] LIMIT PASSWORD_LOCK_TIME UNLIMITED
Connect Role-Create View Medium CONF038 The CONNECT role contains the CREATE VIEW privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE VIEW FROM "CONNECT"
Connect Role-Create Table Medium CONF039 The CONNECT role contains the CREATE TABLE privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE TABLE FROM "CONNECT"
Connect Role-Create Synonym Medium CONF040 The CONNECT role contains the CREATE SYNONYM privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE SYNONYM FROM "CONNECT"
Connect Role-Create Database Link Medium CONF042 The CONNECT role contains the CREATE DATABASE LINK privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE DATABASE LINK FROM "CONNECT"
Connect Role-Alter Session Medium CONF043 The CONNECT role contains the ALTER SESSION privilege. A user could use this privilege to dump sensitive information like password literals. Solution: REVOKE ALTER SESSION FROM CONNECT
REMOTE_LOGIN_PASSWORDFILE IS set to [EXCLUSIVE] Medium CONF046 The init.ora parameter REMOTE_LOGIN_PASSWORDFILE is not set to NONE. This feature allows remote logins as SYSDBA. SYSDBA cannot be locked and can be used for brute-force attacks
DBMS_SQL granted to PUBLIC High CONF066 The default package DBMS_SQL is granted to PUBLIC. This package is often used for privilege escalation. Solution: REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC
DBMS_RANDOM granted to PUBLIC Medium CONF078 The default package DBMS_RANDOM is granted to PUBLIC. This package allows users to create random numbers. Solution: REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC
DBMS_LOB granted to PUBLIC Medium CONF100 The default package DBMS_LOB is granted to PUBLIC. This package allows users to read files. Solution: REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC
UTL_TCP granted to PUBLIC High CONF118 The default package UTL_TCP is granted to PUBLIC. This package allows TCP connections to other computers. Solution: REVOKE EXECUTE ON UTL_TCP FROM PUBLIC
UTL_HTTP granted to PUBLIC Medium CONF127 The default package UTL_HTTP is granted to PUBLIC. This package allows users to send HTTP requests. Solution: REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC
HTTPURITYPE granted to PUBLIC Medium CONF128 The default object type HTTPURITYPE is granted to PUBLIC. This object type allows users to send HTTP requests. Solution: REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC
UTL_SMTP granted to PUBLIC Medium CONF131 The default package UTL_SMTP is granted to PUBLIC. This package allows users to send emails via SMTP. Solution: REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC
UTL_INADDR granted to PUBLIC Medium CONF134 The default package UTL_INADDR is granted to PUBLIC. This package allows users to retrieve host names and IP addresses from local and remote hosts. Solution: REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC
Supplemental log data not used Medium CONF193 Redo/Archive Log does not contain additional information. Adding supplemental log data makes forensic analysis easier. Solution: ALTER DATABASE ADD SUPPLEMENTAL LOG DATA
dblink_encrypt_login=[FALSE] Medium CONF200 dblink_encrypt_login is set to unlimited. Solution: alter system set dblink_encrypt_login=TRUE
Rootkit Critical BACKD0005 Argeniss Rootkit (BH2007) detected
Payload High BACKD0055 Library with msvcrt.dll (WIN) detected
Payload Medium BACKD0063 Table(s) with ! detected
Payload High BACKD0069 PL/SQL code which contains "grant dba"
Hidden database accounts [2] Critical BACKD0074 The number of database users differs between dba_users and sys.user$. This could be an indication of an Oracle rootkit
Payload Critical BACKD0090 Traces of Metasploit OS payload detected [http://www.metasploit.com/users/mc/oracle9i/oracle_win32.rb]
Payload High BACKD0098 Traces of password hacking tool (hashattack) detected
Payload High BACKD0099 Traces from Hashattack tool detected
Backdoor Critical BACKD0100 Password verify function is sniffing the Oracle cleartext password via HTTP/DNS or filesystem

The following weak passwords in database ora9208 are found:

User name Password Status Type
DBSNMP *** WEAK *** Open DB
HIDDEN1 *** WEAK *** Open DB
TOAD *** WEAK *** Open DB


The following rules violations in orainfra are found:

Test Priority Handle Description
Unlimited Sessions in Default Profile Medium CONF029 Every user can create an unlimited number of database sessions. This could cause a D.o.S. problem
Unlimited Failed Login Attempts in Default Profile Medium CONF030 Every user can try an unlimited number of database logins. Solution: ALTER PROFILE [profile_name] LIMIT FAILED_LOGIN_ATTEMPTS [new_value]
No Password Lock Time in Default Profile Medium CONF031 There is no password lock time. Solution: ALTER PROFILE [profile_name] LIMIT PASSWORD_LOCK_TIME UNLIMITED
No Password Verify Function in Default Profile Medium CONF036 Password verify function not in use for the default profile. Solution: ALTER PROFILE [profile_name] LIMIT PASSWORD_VERIFY_FUNCTION [new_value]
Connect Role-Create View Medium CONF038 The CONNECT role contains the CREATE VIEW privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE VIEW FROM "CONNECT"
Connect Role-Create Table Medium CONF039 The CONNECT role contains the CREATE TABLE privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE TABLE FROM "CONNECT"
Connect Role-Create Synonym Medium CONF040 The CONNECT role contains the CREATE SYNONYM privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE SYNONYM FROM "CONNECT"
Connect Role-Create Database Link Medium CONF042 The CONNECT role contains the CREATE DATABASE LINK privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE DATABASE LINK FROM "CONNECT"
Connect Role-Alter Session Medium CONF043 The CONNECT role contains the ALTER SESSION privilege. A user could use this privilege to dump sensitive information like password literals. Solution: REVOKE ALTER SESSION FROM CONNECT
REMOTE_LOGIN_PASSWORDFILE IS set to [EXCLUSIVE] Medium CONF046 The init.ora parameter REMOTE_LOGIN_PASSWORDFILE is not set to NONE. This feature allows remote logins as SYSDBA. SYSDBA cannot be locked and can be used for brute-force attacks
DBMS_SQL granted to PUBLIC High CONF066 The default package DBMS_SQL is granted to PUBLIC. This package is often used for privilege escalation. Solution: REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC
DBMS_SCHEDULER granted to PUBLIC Medium CONF072 The default package DBMS_SCHEDULER is granted to PUBLIC. This package allows users to run jobs outside of business hours. Solution: REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC
DBMS_RANDOM granted to PUBLIC Medium CONF078 The default package DBMS_RANDOM is granted to PUBLIC. This package allows users to create random numbers. Solution: REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC
DBMS_LOB granted to PUBLIC Medium CONF100 The default package DBMS_LOB is granted to PUBLIC. This package allows users to read files. Solution: REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC
UTL_TCP granted to PUBLIC High CONF118 The default package UTL_TCP is granted to PUBLIC. This package allows TCP connections to other computers. Solution: REVOKE EXECUTE ON UTL_TCP FROM PUBLIC
UTL_DBWS granted to PUBLIC Medium CONF124 The default package UTL_DBWS is granted to PUBLIC. This package allows users to send HTTP requests. Solution: REVOKE EXECUTE ON UTL_DBWS FROM PUBLIC
UTL_HTTP granted to PUBLIC Medium CONF127 The default package UTL_HTTP is granted to PUBLIC. This package allows users to send HTTP requests. Solution: REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC
HTTPURITYPE granted to PUBLIC Medium CONF128 The default object type HTTPURITYPE is granted to PUBLIC. This object type allows users to send HTTP requests. Solution: REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC
UTL_SMTP granted to PUBLIC Medium CONF131 The default package UTL_SMTP is granted to PUBLIC. This package allows users to send emails via SMTP. Solution: REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC
UTL_INADDR granted to PUBLIC Medium CONF134 The default package UTL_INADDR is granted to PUBLIC. This package allows users to retrieve host names and IP addresses from local and remote hosts. Solution: REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC
Supplemental log data not used Medium CONF193 Redo/Archive Log does not contain additional information. Adding supplemental log data makes forensic analysis easier. Solution: ALTER DATABASE ADD SUPPLEMENTAL LOG DATA
MDSYS.SDO_CATALOG vulnerable to SQL Injection Critical VULN023 MDSYS.SDO_CATALOG (10.1) is vulnerable to SQL injection. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-1866] [CVSS10.0]
MDSYS.SDO_PRIDX vulnerable to SQL Injection Critical VULN024 MDSYS.SDO_PRIDX (10.1) is vulnerable to SQL injection. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-1876] [CVSS10.0]
SQL Injection in DBMS_CDC_IPUBLISH Critical VULN031 SQL Injection in DBMS_CDC_IPUBLISH. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-5336] [CVSS9.0]
SQL Injection in CTX_QUERY Critical VULN036 SQL Injection in CTX_QUERY. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-0265] [CVSS10.0]
SQL Injection in DRILOAD Critical VULN037 SQL Injection in DRILOAD. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-0265] [CVSS10.0]
SQL Injection in DRVXMD Critical VULN038 SQL Injection in DRVXMD. Solution: Apply the latest Oracle Critical Patch Update
SQL Injection in SDO_PRIDX Critical VULN042 SQL Injection in SDO_PRIDX. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-1876] [CVSS10.0]


The following rules violations in orases are found:

Test Priority Handle Description
Unlimited Sessions in Default Profile Medium CONF029 Every user can create an unlimited number of database sessions. This could cause a D.o.S. problem
No Password Lock Time in Default Profile Medium CONF031 There is no password lock time. Solution: ALTER PROFILE [profile_name] LIMIT PASSWORD_LOCK_TIME UNLIMITED
No Password Verify Function in Default Profile Medium CONF036 Password verify function not in use for the default profile. Solution: ALTER PROFILE [profile_name] LIMIT PASSWORD_VERIFY_FUNCTION [new_value]
Connect Role-Create View Medium CONF038 The CONNECT role contains the CREATE VIEW privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE VIEW FROM "CONNECT"
Connect Role-Create Table Medium CONF039 The CONNECT role contains the CREATE TABLE privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE TABLE FROM "CONNECT"
Connect Role-Create Synonym Medium CONF040 The CONNECT role contains the CREATE SYNONYM privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE SYNONYM FROM "CONNECT"
Connect Role-Create Database Link Medium CONF042 The CONNECT role contains the CREATE DATABASE LINK privilege. This is not necessary for a normal connect to the database. You should revoke this privilege from the CONNECT role. Solution: REVOKE CREATE DATABASE LINK FROM "CONNECT"
Connect Role-Alter Session Medium CONF043 The CONNECT role contains the ALTER SESSION privilege. A user could use this privilege to dump sensitive information like password literals. Solution: REVOKE ALTER SESSION FROM CONNECT
REMOTE_LOGIN_PASSWORDFILE IS set to [EXCLUSIVE] Medium CONF046 The init.ora parameter REMOTE_LOGIN_PASSWORDFILE is not set to NONE. This feature allows remote logins as SYSDBA. SYSDBA cannot be locked and can be used for brute-force attacks
DBMS_SQL granted to PUBLIC High CONF066 The default package DBMS_SQL is granted to PUBLIC. This package is often used for privilege escalation. Solution: REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC
DBMS_SCHEDULER granted to PUBLIC Medium CONF072 The default package DBMS_SCHEDULER is granted to PUBLIC. This package allows users to run jobs outside of business hours. Solution: REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC
DBMS_RANDOM granted to PUBLIC Medium CONF078 The default package DBMS_RANDOM is granted to PUBLIC. This package allows users to create random numbers. Solution: REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC
DBMS_LOB granted to PUBLIC Medium CONF100 The default package DBMS_LOB is granted to PUBLIC. This package allows users to read files. Solution: REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC
UTL_TCP granted to PUBLIC High CONF118 The default package UTL_TCP is granted to PUBLIC. This package allows TCP connections to other computers. Solution: REVOKE EXECUTE ON UTL_TCP FROM PUBLIC
UTL_DBWS granted to PUBLIC Medium CONF124 The default package UTL_DBWS is granted to PUBLIC. This package allows users to send HTTP requests. Solution: REVOKE EXECUTE ON UTL_DBWS FROM PUBLIC
UTL_HTTP granted to PUBLIC Medium CONF127 The default package UTL_HTTP is granted to PUBLIC. This package allows users to send HTTP requests. Solution: REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC
HTTPURITYPE granted to PUBLIC Medium CONF128 The default object type HTTPURITYPE is granted to PUBLIC. This object type allows users to send HTTP requests. Solution: REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC
UTL_SMTP granted to PUBLIC Medium CONF131 The default package UTL_SMTP is granted to PUBLIC. This package allows users to send emails via SMTP. Solution: REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC
UTL_INADDR granted to PUBLIC Medium CONF134 The default package UTL_INADDR is granted to PUBLIC. This package allows users to retrieve host names and IP addresses from local and remote hosts. Solution: REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC
Supplemental log data not used Medium CONF193 Redo/Archive Log does not contain additional information. Adding supplemental log data makes forensic analysis easier. Solution: ALTER DATABASE ADD SUPPLEMENTAL LOG DATA
MDSYS.SDO_CATALOG vulnerable to SQL Injection Critical VULN023 MDSYS.SDO_CATALOG (10.1) is vulnerable to SQL injection. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-1866] [CVSS10.0]
SQL Injection in DBMS_CDC_IPUBLISH Critical VULN031 SQL Injection in DBMS_CDC_IPUBLISH. Solution: Apply the latest Oracle Critical Patch Update. [CVE-2006-5336] [CVSS9.0]

The following weak passwords in database orases are found:

User name Password Status Type
DUMMY *** WEAK *** Open DB


Modified items in ora102

Modification type Owner Type Name new MD5-checksum
SYS.USER$ SYS.USER$ TABLEROW AAAAAKAABAAAABaAAA 06024f041f07e51c65f12a6428038789
SYS.USER$ SYS.USER$ TABLEROW AAAAAKAABAAAABbAAQ 50378981e1651113128a0c1342f34aa7
SYS.USER$ SYS.USER$ TABLEROW AAAAAKAABAAAABcAAD 65f4ca198a98f1a51f2f62a6d03fbba8
SYS SYS SYNONYM ALEX102SYN 84ad6306033533b3ad14b4ad752210c8
SYS SYS VIEW ALEX102 54a8ece911ce1a04436d36234aa4e028

The following rules violations in ora102 are found:

Test Priority Handle Description
Unlimited Sessions in Default Profile Medium CONF029 Every user can create an unlimited number of database sessions. This could cause a D.o.S. problem
REMOTE_LOGIN_PASSWORDFILE IS set to [EXCLUSIVE] Medium CONF046 The init.ora parameter REMOTE_LOGIN_PASSWORDFILE is not set to NONE. This feature allows remote logins as SYSDBA. SYSDBA cannot be locked and can be used for brute-force attacks
DBMS_SQL granted to PUBLIC High CONF066 The default package DBMS_SQL is granted to PUBLIC. This package is often used for privilege escalation. Solution: REVOKE EXECUTE ON DBMS_SQL FROM PUBLIC
DBMS_SCHEDULER granted to PUBLIC Medium CONF072 The default package DBMS_SCHEDULER is granted to PUBLIC. This package allows users to run jobs outside of business hours. Solution: REVOKE EXECUTE ON DBMS_SCHEDULER FROM PUBLIC
DBMS_RANDOM granted to PUBLIC Medium CONF078 The default package DBMS_RANDOM is granted to PUBLIC. This package allows users to create random numbers. Solution: REVOKE EXECUTE ON DBMS_RANDOM FROM PUBLIC
HTTPURITYPE granted to PUBLIC Medium CONF128 The default object type HTTPURITYPE is granted to PUBLIC. This object type allows users to send HTTP requests. Solution: REVOKE EXECUTE ON HTTPURITYPE FROM PUBLIC
Supplemental log data not used Medium CONF193 Redo/Archive Log does not contain additional information. Adding supplemental log data makes forensic analysis easier. Solution: ALTER DATABASE ADD SUPPLEMENTAL LOG DATA
Recyclebin=[on] Medium CONF195 Recyclebin is enabled. For security reasons recyclebin should be disabled. For details, see the Oracle Database Vault Security Guidelines.
User OUTLN with non-default password is not locked Critical CONF195 User OUTLN with non-default password is not locked
Payload High BACKD0002 Database Hacker Handbook Exploit helper detected. This package grants DBA to public
Payload High BACKD0069 PL/SQL code which contains "grant dba"

The following weak passwords in database ora102 are found:

User name Password Status Type
ALTER_TEST *** WEAK *** Open DB
EX1 *** WEAK *** Open DB
orcladmin *** WEAK *** Open FROM OID (MD5)


(c) 2004-2008 by Red-Database-Security GmbH