RE: passwords in clear text and password protected roles bypass

  • From: Ravi Kulkarni <kulkarni.ravi@xxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Mon, 15 Mar 2004 12:50:42 -0600

Great hint, thank you.
Is there a way to avoid (or defer) clear-text passwords when creating users?


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]On Behalf Of Pete Finnigan
Sent: Sunday, March 14, 2004 1:14 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: passwords in clear text and password protected roles bypass


Hi Everyone,

Further to Nuno's question last week I have just put two short papers on
my website, the first discussing clear text password transmissions when
changing a user's password in the database which I showed in my post last
and the second discussing the same issue with set role {blah} identified
by {blah}.

The second paper also discusses an issue I found whereby you can bypass
the password protection assigned to a role. Both papers describe the
issues and also suggest possible solutions. The papers are available
from:

http://www.petefinnigan.com/ramblings/passwords_in_clear_text.htm
and
http://www.petefinnigan.com/ramblings/issues_with_roles_and_passwords.htm

Hope you find them useful.

kind regards

Pete
-- 
Pete Finnigan
email:pete@xxxxxxxxxxxxxxxx
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
