Oracle Database Listener Program (tnslsnr) Service Blank Password

medium Nessus Plugin ID 10660

Synopsis

The remote database service is not password-protected.

Description

The remote Oracle Listener Program (tnslsnr) has no password assigned. An attacker may use this fact to shut it down arbitrarily, thus preventing legitimate users from using it.

Solution

Use the lsnrctrl CHANGE_PASSWORD command to assign a password to the listener.

Plugin Details

Severity: Medium

ID: 10660

File Name: oracle_tnslsnr_security.nasl

Version: 1.27

Type: remote

Family: Databases

Published: 5/3/2001

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:oracle:listener

Vulnerability Publication Date: 1/1/2000