Re: Security Questions

  • From: Ray Stell <stellr@xxxxxxxxxx>
  • To: oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 24 Jan 2006 11:14:14 -0500

The sans folks seem to think that having a handle on the 
default role pws is a good idea, but I don't know what the 
vulnerability is, note it is sev 1:

Action Description                        Severity Level O/S   Oracle    
                                          level                Version   Install
2.2.11 Audit known default role passwords 1        ALL         ALL      YES

The severity levels are set between 1 and 5 (1 indicating the highest level).

On Tue, Jan 24, 2006 at 10:25:04AM -0500, J. Dex wrote:
> Does it matter if standard Oracle roles are NOT password protected?  Does 
> it only need to be non-standard roles that are password protected?

Other related posts: