Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> How to Scan OID?
        
(Message started by: Pete Finnigan on Sep 6th, 2006, 12:52am)
Title: How to Scan OID?
Post by Pete Finnigan on Sep 6th, 2006, 12:52am
We recently implemented oracle Internet Directory, which I know is an LDAP v3 Directory server.

The question I have is, how can I scan OID for security issues?

We use AppDetective on our databases and am looking for something similar (especially the easily gueesed password portion).

Thanks. Sean.
Title: Re: How to Scan OID?
Post by Pete Finnigan on Sep 7th, 2006, 9:34am
Hi Sean,

OID in part is implemented in an Oracle database so you can use AppDetective yto scan the database. I dont think that it will scan the LADP though.

cheers

Pete
Title: Re: How to Scan OID?
Post by Pete Finnigan on Sep 8th, 2006, 12:51pm
But are the usernames and passwords for OID (as in the users it is being used to authenticate on a different system) stored in the DB or in the LDAP?

Also, wouldn't they have to be database users for AppDetective to scan? It isn't enough for there to be an arbitrary Users table the LDAP uses because AppDetective is predefined to scan the DB users.

No one knows of any tools?

Thanks. Sean.


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board