Nessus Oracle Password scan plugin
| jansen.greg@gmail.com 2005-05-27, 11:23 am |
| I'm running vulnerability scans on Oracle servers using Nessus.
However, there is no plugin to scan for default or easy to guess
passwords. Has anyone seen a Nessus plugin that would allow this, or
have information on writing one that would do the trick?
| |
| DA Morgan 2005-05-27, 1:23 pm |
| jansen.greg@gmail.com wrote:
> I'm running vulnerability scans on Oracle servers using Nessus.
> However, there is no plugin to scan for default or easy to guess
> passwords. Has anyone seen a Nessus plugin that would allow this, or
> have information on writing one that would do the trick?
Haven't heard of such a thing but the simple solution is to expire
all passwords after activating a modified version of Oracle's
verify_function in the user profile.
If you modify the function to look at a table containing a dictionary
of common words you can pretty much rest assured the vulnerability
will be dealt with.
--
Daniel A. Morgan
http://www.psoug.org
damorgan@x.washington.edu
(replace x with u to respond)
| |
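The approach DA Morgan describes above, sketched in PL/SQL as an added example (it is not from the thread and is not Oracle's shipped verify_function). The table `sys.password_dictionary`, the function name `dict_verify_function`, the error numbers and the sample words are assumptions made for illustration.

```sql
-- Run as SYS. Table, function name and error numbers are assumptions.
CREATE TABLE sys.password_dictionary (
  word VARCHAR2(30) PRIMARY KEY  -- common words, stored in lower case
);

-- Constructed sample rows; load a real word list in practice.
INSERT INTO sys.password_dictionary VALUES ('welcome');
INSERT INTO sys.password_dictionary VALUES ('password');
INSERT INTO sys.password_dictionary VALUES ('oracle');
COMMIT;

CREATE OR REPLACE FUNCTION sys.dict_verify_function (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  l_pw   VARCHAR2(128) := LOWER(password);
  l_hits PLS_INTEGER;
BEGIN
  IF l_pw = LOWER(username) THEN
    raise_application_error(-20001, 'Password same as user name');
  END IF;
  -- Match the password and its stem without trailing digits (welcome1 -> welcome).
  SELECT COUNT(*) INTO l_hits
    FROM sys.password_dictionary
   WHERE word IN (l_pw, RTRIM(l_pw, '0123456789'));
  IF l_hits > 0 THEN
    raise_application_error(-20002, 'Password is based on a dictionary word');
  END IF;
  RETURN TRUE;
END;
/

-- The function is called on every password change for users in this profile.
ALTER PROFILE default LIMIT PASSWORD_VERIFY_FUNCTION dict_verify_function;

-- Expire open accounts so each must pick a new password that passes the check.
-- SYS and SYSTEM are skipped here on purpose; change those by hand.
BEGIN
  FOR u IN (SELECT username FROM dba_users
             WHERE account_status = 'OPEN'
               AND username NOT IN ('SYS', 'SYSTEM')) LOOP
    EXECUTE IMMEDIATE 'ALTER USER "' || u.username || '" PASSWORD EXPIRE';
  END LOOP;
END;
/
```

Users assigned a profile other than DEFAULT need the same `PASSWORD_VERIFY_FUNCTION` limit set on that profile, and expiring accounts used by applications or batch jobs will interrupt them until the password is changed.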
| Mark Bole 2005-05-27, 1:23 pm |
| jansen.greg@gmail.com wrote:
> I'm running vulnerability scans on Oracle servers using Nessus.
> However, there is no plugin to scan for default or easy to guess
> passwords. Has anyone seen a Nessus plugin that would allow this, or
> have information on writing one that would do the trick?
>
Don't know anything about Nessus plugins, but here's a good start on the
general problem:
http://www.petefinnigan.com/default...
cker.htm
-Mark Bole