Hello Bugtraq-Reader we have implemented a free dictionary based Oracle password checker for Oracle databases called checkpwd 1.0. This is a useful tool for DBAs to identify Oracle accounts with weak or default passwords. Details & Download http://www.red-database-security.com/software/checkpwd.html ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Usage with Oracle database connect (requires installed Oracle client) C:\>checkpwd system/strongpw@database password_list.txt Checkpwd 1.00 - (c) 2005 by Red-Database-Security GmbH initializing Oracle client library connecting to the database retrieving users and password hash values opening weak password list file reading weak passwords list checking passwords SYSTEM OK SYS OK MGMT_VIEW OK DBSNMP OK SYSMAN OK KORNBRUST OK INTERNET_APPSERVER_REGISTRY has weak password INTERNET_APPSERVER_REGISTRY WIRELESS has weak password WIRELESS PORTAL_APP has weak password PORTAL PORTAL_PUBLIC has weak password PORTAL WCRSYS has weak password WCRSYS UDDISYS has weak password UDDISYS Done. Summary: Passwords checked : 13230016 Weak passwords found : 6 Elapsed time (min:sec) : 1:42 Passwords / second : 138152 Usage standalone c:\>checkpwd SCOTT:F894844C34402B67 default_passwords.txt Checkpwd 1.00 - (c) 2005 by Red-Database-Security GmbH opening weak password list file reading weak passwords list checking passwords SCOTT has weak password TIGER Done. Summary: Passwords checked : 595 Weak passwords found : 1 Elapsed time (min:sec) : 0:0 Passwords / second : 595 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Regards Alexander Kornbrust ak at red-database-security.com Red-Database-Security GmbH http://www.red-database-security.com
