Oracle XDB Default Accounts

Nessus Plugin ID 110054 (Severity: High)

Synopsis

One or more default accounts have been found in the remote database.

Description

The remote Oracle database server has one or more default accounts, possibly from older versions of Oracle or third-party software that uses Oracle.

An attacker may use these accounts to gain access to the database and read or possibly even modify it.

Solution

If using a third-party product, contact the vendor for an update.

Otherwise, either disable the reported accounts or change the associated passwords.

See Also

http://www.petefinnigan.com/

https://seclists.org/bugtraq/2009/Oct/141

Plugin Details

Severity: High

ID: 110054

File Name: oracle_xdb_https_default_account.nbin

Version: 1.42

Type: remote

Family: Databases

Published: 2018/05/23

Updated: 2019/06/24

Dependencies: 10107

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Required KB Items: Oracle/TestDefaultAccounts, www/oracledb