- 11g (12)
- Allgemein (29)
- David Litchfield (7)
- Exploit (23)
- Forensics (7)
- Oracle Security (105)
- passwords (8)
- Repscan (1)
- Security (22)
- Sentrigo (5)
- software (9)
- source code audit (5)
- SQL Injection (24)
- Tools (24)
- Trainings (3)
- Tutorial (2)
- 18 Nov 2011: DOAG 2011 Presentation "Best of Oracle Security 2011"
- 15 Okt 2011: Oracle Critical Patch Update Pre-Release Announcement - October 2011
- 17 Sep 2011: Disable Auditing and running OS commands using oradebug
- 13 Apr 2011: Blackhat Training "HACKING AND SECURING ORACLE (2 days) "
- 2 Apr 2011: Oracle Database 11.2 Express Edition Beta comes with weak default password
- 23 Mrz 2011: McAfee acquires Sentrigo
- 12 Okt 2010: TDE decrypt utilities and TDE/Password flash demo
- 22 Sep 2010: Marcell published "Writing your own password cracker" presentation
- 21 Sep 2010: Laszlo's presentation "Oracle Post Exploitation Techniques" and Marcel's Sybase ASE Password Cracker
- 10 Sep 2010: Update of "Project Lockdown" released
Oracle Security
SQL Injection
- November 2011
- Oktober 2011
- September 2011
- April 2011
- März 2011
- Oktober 2010
- September 2010
- August 2010
- April 2010
- März 2010
- Februar 2010
- Januar 2010
- Dezember 2009
- November 2009
- Oktober 2009
- September 2009
- August 2009
- Juli 2009
- Mai 2009
- April 2009
- März 2009
- Februar 2009
- Januar 2009
- Dezember 2008
- November 2008
- Oktober 2008
- August 2008
- Juli 2008
- Mai 2008
- April 2008
- März 2008
- Februar 2008
- Januar 2008
- Dezember 2007
- November 2007
- Oktober 2007
- September 2007
- August 2007
- Juli 2007
- Juni 2007
- Mai 2007
Oracle Database 11.2 Express Edition Beta comes with weak default password
Yesterday Oracle released the first beta of Oracle Database 11.2. Express Edition. I downloaded the beta and after installation I run our database scanner Repscan against it.
It was surprising that Oracle delivers 11.2 Express Edition with a default password for the open APEX_040000.
C:\>sqlplus apex_040000/oracle@192.168.2.38/XE
SQL*Plus: Release 11.1.0.7.0 - Production on Sat Apr 2 13:33:24 2011
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - Beta
SQL> desc dba_users
Name Null? Type
—————————————– ——– —————————-
USERNAME NOT NULL VARCHAR2(30)
USER_ID NOT NULL NUMBER
PASSWORD VARCHAR2(30)
ACCOUNT_STATUS NOT NULL VARCHAR2(32)
LOCK_DATE DATE
EXPIRY_DATE DATE
DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)
TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)
CREATED NOT NULL DATE
PROFILE NOT NULL VARCHAR2(30)
INITIAL_RSRC_CONSUMER_GROUP VARCHAR2(30)
EXTERNAL_NAME VARCHAR2(4000)
PASSWORD_VERSIONS VARCHAR2(8)
EDITIONS_ENABLED VARCHAR2(1)
AUTHENTICATION_TYPE VARCHAR2(8)
SQL> select * from user_role_privs;
USERNAME GRANTED_ROLE ADM DEF OS_
—————————— —————————— — — —
APEX_040000 CONNECT NO YES NO
APEX_040000 RESOURCE YES YES NO
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
—————————— —————————————- —
APEX_040000 CREATE TRIGGER YES
APEX_040000 CREATE SYNONYM YES
APEX_040000 UNLIMITED TABLESPACE YES
APEX_040000 ALTER SESSION NO
APEX_040000 CREATE JOB YES
APEX_040000 CREATE DIMENSION YES
APEX_040000 CREATE SEQUENCE YES
APEX_040000 CREATE TABLE YES
APEX_040000 ALTER USER NO
APEX_040000 CREATE USER NO
APEX_040000 CREATE SESSION YES
APEX_040000 CREATE OPERATOR YES
APEX_040000 ALTER DATABASE NO
APEX_040000 DROP USER NO
APEX_040000 CREATE INDEXTYPE YES
APEX_040000 CREATE MATERIALIZED VIEW YES
APEX_040000 CREATE VIEW YES
APEX_040000 CREATE CLUSTER YES
APEX_040000 CREATE ANY CONTEXT YES
APEX_040000 CREATE PROCEDURE YES
APEX_040000 DROP PUBLIC SYNONYM NO
APEX_040000 DROP TABLESPACE NO
APEX_040000 CREATE TABLESPACE NO
APEX_040000 CREATE TYPE YES
APEX_040000 CREATE ROLE NO
APEX_040000 CREATE PUBLIC SYNONYM NO
26 rows selected.
SQL>
This APEX user has for example ALTER USER privileges and can change the password of any user in the database.
Please change the password of APEX_040000 after the installation of the new 11.2 Express Edition beta.