Repscan 2.12 - Database Assessment Report


Repscan 2.12 - Database Assessment Report

Repscan Report Created: Wed Aug 27 20:29:58 2008

Scanned databases

Database Name	Signature	Result
ora8174	signatures/ora8174_sig.csv	failed
ora9208	signatures/ora9208_sig.csv	failed
orainfra	signatures/orainfra_sig.csv	failed
orases	signatures/orases_sig.csv	failed
ora102	signatures/ora102_sig.csv	failed

The following weak passwords in database ora8174 are found:

User name	Password	Status	Type
CTXSYS	CTXSYS	Open	DB
DBSNMP	DBSNMP	Open	DB
MDSYS	MDSYS	Locked	DB
ORDPLUGINS	ORDPLUGINS	Open	DB
ORDSYS	ORDSYS	Open	DB
OUTLN	OUTLN	Open	DB

PASSWORD003 - PL/SQL Code containing the string password in ora9208

OWNER	NAME	AUTHID	SQLTEXT
SYSTEM	RSTPWD	CURRENT_USER	MYSTMT:='UPDATE SYS.USER$ SET PASSWORD = ''FE0E8CE7C92504E9'' WHERE NAME=''ANONYMOUS''';

Invalid Oracle passwords from SYS.USER$ in ora9208

NAME	PASSWORD
GLOBAL_AQ_USER_ROLE	GLOBAL
ANONYMOUS	anonymous

The following weak passwords in database ora9208 are found:

User name	Password	Status	Type
DBSNMP	DBSNMP	Open	DB
HIDDEN1	HIDDEN1	Open	DB
MDSYS	MDSYS	Expired and Locked	DB
ODM	ODM	Expired and Locked	DB
ORDPLUGINS	ORDPLUGINS	Expired and Locked	DB
ORDSYS	ORDSYS	Expired and Locked	DB
OUTLN	OUTLN	Expired and Locked	DB
TOAD	TOAD	Open	DB
WMSYS	WMSYS	Expired and Locked	DB

OID Password Hashes (MD4) - ods.ds_attrstore in orainfra

SSOUSER	METHOD	HASH
jaznadminuser	MD4	EF9035080D840FCD05D380C3E8513BF36E3AD01DB5D35E7A

OID Password Hashes (MD5) - ods.ds_attrstore in orainfra

SSOUSER	METHOD	HASH
dipadmin	MD5	D278FC5837F45FAAF536AE2A7FF4115D
dipadmin	MD5	E35DA3A3D4D95EABDF12A0DE426A542B
emd admin	MD5	D278FC5837F45FAAF536AE2A7FF4115D
odisrv	MD5	E35DA3A3D4D95EABDF12A0DE426A542B
orcladmin	MD5	D278FC5837F45FAAF536AE2A7FF4115D

OID Password Hashes (SHA1) - ods.ds_attrstore in orainfra

SSOUSER	METHOD	HASH
dipadmin	SHA	FA2132390D8A46297146EF57B7CAB299C7678D36
dipadmin	SHA	1855D05C1E861FB5C6FF26ACAF9C7B310BACA282
emd admin	SHA	FA2132390D8A46297146EF57B7CAB299C7678D36
odisrv	SHA	1855D05C1E861FB5C6FF26ACAF9C7B310BACA282
orcladmin	SHA	FA2132390D8A46297146EF57B7CAB299C7678D36
replication dn	SHA	FA2132390D8A46297146EF57B7CAB299C7678D36

Oracle WKSYS Passwords from WK$_SYSINFO (encrypted) in orainfra

TO_CHAR(WK$IID)	VALUE	PASSWORD	SI_MODIFIED
3	PASSWORD	2315759333768D8665E058E0834000D7	2007.2.10 16:34:15

Password for dsgateway.portal_properties in orainfra

PRV_ID	PROPERTY_NAME	PASSWORD
-1	provider.davUsername	8FEF10C6025B64CEF6195F914D901777E1E18D9B8718A16A
-1	provider.davPassword	D502DAC1AA796E59E9D5CEB75CEA003E0D0CF96040BE5871
-1	provider.sbbUsername	8FEF10C6025B64CEF6195F914D901777E1E18D9B8718A16A
-1	provider.sbbPassword	D502DAC1AA796E59E9D5CEB75CEA003E0D0CF96040BE5871

Database control SYSMAN.MGMT_VIEW_USER password (cleartext) in orainfra

VIEW_USERNAME	PASSWORD
MGMT_VIEW	A61CACFB349D7392E928A251D2311F

Database control SYSMAN.mgmt_credentials2 (cleartext) in orainfra

SYSMANUSER	PASSWORD
dbsnmp	rdsora1

The following weak passwords in database orainfra are found:

User name	Password	Status	Type
DIP	DIP	Expired and Locked	DB
DMSYS	DMSYS	Expired and Locked	DB
EXFSYS	EXFSYS	Expired and Locked	DB
IP	IP	Expired and Locked	DB
MDDATA	MDDATA	Expired and Locked	DB
MDSYS	MDSYS	Expired and Locked	DB
ORDPLUGINS	ORDPLUGINS	Expired and Locked	DB
ORDSYS	ORDSYS	Expired and Locked	DB
OUTLN	OUTLN	Expired and Locked	DB
SI_INFORMTN_SCHEMA	SI_INFORMTN_SCHEMA	Expired and Locked	DB
WK_TEST	WK_TEST	Expired and Locked	DB
WMSYS	WMSYS	Expired and Locked	DB

Oracle SES eqsys.eq$_data_source_param (encrypted PW) in orases

T1.PV_VALUE\|\|'/'\|\|T2.PV_VALUE\|\|'@'\|\|T3.PV_VALUE\|\|':'\|\|T4.PV_VALUE\|\|'@'\|\|T5.PV_VALUE
SYSTEM/083B5DF53470E4F1101A2EC4B8CD1EB0@192.168.2.80:1521@ORCL

Oracle SES Passwords from eqsys.EQ$_SYSINFO (encrypted) in orases

TO_CHAR(EQ$IID)	SI_NAME	PASSWORD	SI_MODIFIED
1	PASSWORD	BAAC43984ED1AFC29EC1ED4D3FC44B5E	2007.2.11 12:18:6

The following weak passwords in database orases are found:

User name	Password	Status	Type
DBSNMP	DBSNMP	Expired and Locked	DB
DIP	DIP	Expired and Locked	DB
DMSYS	DMSYS	Expired and Locked	DB
DUMMY	DUMMY	Open	DB
EXFSYS	EXFSYS	Expired and Locked	DB
MDSYS	MDSYS	Expired and Locked	DB
ORDPLUGINS	ORDPLUGINS	Expired and Locked	DB
ORDSYS	ORDSYS	Expired and Locked	DB
OUTLN	OUTLN	Expired and Locked	DB
SI_INFORMTN_SCHEMA	SI_INFORMTN_SCHEMA	Expired and Locked	DB
WMSYS	WMSYS	Expired and Locked	DB

The following weak passwords in database ora102 are found:

User name	Password	Status	Type
ALTER_TEST	ALTER_TEST	Open	DB
EX1	EX1	Open	DB
EX2	EX2	Open	DB
orcl1	welcome1	Open	FROM OID (MD5)
admin	admin	Open	FROM APEX 2.2
user1	user1	Open	FROM APEX 2.2
user77	oracle	Open	FROM APEX 2.2

(c) 2004-2008 by Red-Database-Security GmbH