Skip to Main Content
Forums

Database Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Oracle Default accounts

MohamedTawfikAug 18 2010 — edited Aug 25 2010
Dear All

below are sample of Oracle default accounts,
Account: ADAMSDefault password: WOODPassword hash: 72CDEF4A3483F60DVersions affected: 9i, 9iR2Description: ADAMS is a sample schema owner and training account. It should always be removed in a production environment.

Account: ANONYMOUSDefault password: ANONYMOUSPassword hash: FE0E8CE7C92504E9Versions affected: 10gDescription: ANONYMOUS is used to provide (you guessed it) anonymous access to an Oracle XML DB repository via Hypertext Transfer Protocol (HTTP). It’s almost always a really bad idea to offer anonymous access. Oracle’s documentation points out the security risks of enabling this account. If you are not granting anonymous access to XML DB, this account should be removed from the system.

Account: AURORA$JIS$UTILITY$Default password: N/A (This account gets a randomly generated password)Password hash: N/AVersions affected: 9iDescription: JSERV account used by CORBA tools and Enterprise Java Beans.CORBA (ORB) is a standard for communication between objects in a distributed computing system. This account is created during the install of the Oracle Servlet Engine. Changing the password for this account is not allowed. However, if you are not using the Oracle Java Virtual Machine (JVM) or CORBA, this account should be removed.

Account: AURORA$ORB$UNAUTHENTICATEDDefault password: N/A (This account gets a randomly generated password)Password hash: N/AVersions affected: 9iDescription: JSERV account used by CORBA tools and Enterprise Java Beans.CORBA (ORB) is a standard for communication between objects in a distributed computing system. This account is created during the install of the Oracle Servlet Engine. Changing the password for this account is not allowed. However, if you are not using the Oracle JVM or CORBA, this account should be removed.

Account: BLAKEDefault password: PAPERPassword hash: 9435F2E60569158EVersions affected: 9iDescription: BLAKE is a training account. It should always be removed in a production environment.

Complete article:
http://securedb.blogspot.com/2010/08/oracle-default-accounts.html
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 22 2010
Added on Aug 18 2010
#database-security, #database-security-general, #db, #oracle
2 comments
1,723 views