Oracle Security Check

Default installations of Oracle do not provide a totally secure system when installed from scratch. DBA's must remember to change what can be anything up to 600 default account passwords once the installation has completed.

This application will scan an Oracle instance and will check current accounts against a list of known default usernames and passwords. This application shows how easy it is to check for some common installation vulnerabilities.

Installation

This application is available here

All that is required to install this product is to unzip it to the required directory

Execution:

You must first of all set up a TNS listener connection to the database to be tested by using Oracle Net Configuration Tools.

Once this has been done, you need to have a set of valid credentials to enter into the gui tool itself.

Once this has completed a popup box is displayed:

An output log is also created which could potentially added to a covering report: