RE: getting users passwords in plain text
- From: "Elliott, Patrick" <patrick.elliott@xxxxxxxxxxxxx>
- To: "vincent.verpoort@xxxxxxxxx" <vincent.verpoort@xxxxxxxxx>, Oracle-L Freelists <oracle-l@xxxxxxxxxxxxx>
- Date: Tue, 16 Oct 2007 09:06:42 -0500
The only way I know of is in 9i and lower, and then only if there is a database
link. The SYS.LINK$ table contains clear text passwords for database links to
a remote database. Otherwise you could get a copy of the official scrabble
password dictionary OSPD and write a pl/sql package to hack the passwords. If
the passwords are strong ones, then this will be really difficult. If the
users are entering their own passwords and you are not enforcing strong
passwords, then you might try just the usernames as passwords and see what you
get. Try the following in sqlplus:
set pages 0
set head off
set feed off
spool password_check.sql
select 'connect '||username||'/'||username
from dba_users;
spool off
set feed on
spool password_check.log
@password_check.sql
spool off
Then look for any "Connected" messages.
This was a problem for us until we implemented strong password restrictions in
our databases. The above won't work if you are also.
You might try mixing up the password a bit also, like adding numbers to the
end, or changing some of the letters to numbers.
Pat
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Vincent verpoort
Sent: Tuesday, October 16, 2007 8:14 AM
To: Oracle-L Freelists
Subject: getting users passwords in plain text
Hi Experts,
I have a question that's a bit unethical.
For a company i'm working for i need to find out what the passwords are of
oracle users. As changing them means a lot of work for allot of poeple.
Is there anyway i can clear text the password from dba database, i have sysdba
and all privs.
any points would be nice also i want to put this into script so if anyone has
something ?
--
Vincent Verpoort
,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_,.-~`"'~-.,_
Communiceren is begrepen worden
^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-._,.->*^*<-.
___________________________________________________________________________________________________
CONFIDENTIALITY AND PRIVACY NOTICE
Information transmitted by this email is proprietary to Medtronic and is
intended for use only by the individual or entity to which it is addressed, and
may contain information that is private, privileged, confidential or exempt
from disclosure under applicable law. If you are not the intended recipient or
it appears that this mail has been forwarded to you without proper authority,
you are notified that any use or dissemination of this information in any
manner is strictly prohibited. In such cases, please delete this mail from your
records.
To view this notice in other languages you can either select the following link
or manually copy and paste the link into the address bar of a web browser:
http://emaildisclaimer.medtronic.com
Other related posts:
