Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Alex Kornbrust has today released 3 new Oracle security advisories"] [Next entry: "Alex has added days to fix to his Oracle security advisories"]

A new paper on Oracle database passwords

I just noticed that Alex Kornbrust has released a new paper on his site titled "Fact sheet about Oracle database passwords".

This is an interesting short paper. It talks about the designer of the algorithm and also where it can be found and some details of its implementation. It then goes on to talk about the location of the passwords, how to change a password, default password lists, Oracle password policies, Brute force attack timings and also where clear text passwords can be found.