Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

A new version of woraauthbf is available (The Oracle password cracker)

I have been in discussions and helping with some testing for the latest version of Laszlo Toth's excellent Oracle password cracker woraauthbf. The main page for the cracker describes the various releases and also describes how the cracker works and can be used.

This bugfix release (0.22R2) fixes a bug in the 11g password hash checking: the brute-force mode for 11g stopped working when pre-loading was added to the cracker.

A pre-compiled version of woraauthbf for Windows is available. The C source code for the latest version is also available.

If you are serious about Oracle security, you should first run my simple sqlplus script that implements an Oracle password cracker in PL/SQL and then, when you are comfortable with the process, move to a binary cracker such as woraauthbf to test passwords to a stronger level.

Thanks, Laszlo, for your great work on this free program.