Oracle Database Listener Program (tnslsnr) Service Blank Password

(C) 2001-2014 James W. Abendschan <jwa@jammed.com> (GPL)


Synopsis :

The remote database service is not password-protected.

Description :

The remote Oracle Listener Program (tnslsnr) has no password assigned.
An attacker may use this fact to shut it down arbitrarily, thus
preventing legitimate users from using it.

Solution :

Use the lsnrctrl CHANGE_PASSWORD command to assign a password to the
listener.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Databases

Nessus Plugin ID: 10660 ()

Bugtraq ID:

CVE ID: