This is a useful tool for auditing passwords in an Oracle database. It is a PL/SQL program and source code is included. It does a brute force check to find passwords that users have specified. There is a downside in that it should really be used in a separate database to prevent resource hogging issues in the database where the users passwords are to be checked. Because its PL/SQL based and uses ALTER USER commands its quite slow but still useful.
Also remember to check for default Oracle users with default passwords still set as well as auditing users passwords.