Oracle Default SID

info Nessus Plugin ID 22074
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

It was possible to identify databases on the remote host.

Description

The remote Oracle database server either contains one or more databases that use well-known System Identifiers (SIDs) or supports the 'services' command as a means of listing available SIDs on the affected system.

Since an Oracle SID serves to uniquely identify a particular database on a given host and is required when connecting to an Oracle database, an attacker can leverage these SIDs to attempt to access databases on the remote host.

Solution

Change any SIDs that are identified.

Plugin Details

Severity: Info

ID: 22074

File Name: oracle_default_sids.nbin

Version: 1.196

Type: remote

Family: Databases

Published: 7/19/2006

Updated: 10/4/2021

Dependencies: oracle_detect.nbin

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Excluded KB Items: global_settings/supplied_logins_only