Oracle Default Accounts

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

One or more default accounts have been found in the remote database.

Description :

The remote Oracle database server has one or more default accounts,
possibly from older versions of Oracle or third-party software that
uses Oracle.

An attacker may use these accounts to gain access to the database
and read or possibly even modify it.

See also :

http://www.petefinnigan.com/
http://archives.neohapsis.com/archives/bugtraq/2009-10/0142.html

Solution :

If using a third-party product, contact the vendor for an update.

Otherwise, either disable the reported accounts or change the
associated passwords.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Databases

Nessus Plugin ID: 22075 ()

Bugtraq ID:

CVE ID: