Threat Finder

Threat ID
10
Threat Date
08/06/2007
Threat Name
Password for database user same as username
CVE Reference
CVE-NO-MATCH
CCE Reference
CCE-NO-MATCH
Risk
High
Database Type
Oracle
Category
Weak Passwords
Versions
All versions of Oracle
Summary
If the username is the same as the password, an attacker can easily break into the account.
Overview
Strong passwords should be used for all Oracle users. If you allow accounts to have passwords that are the same as the username, an attacker can easily guess the password and break into a database.
References
VMSKey
STIGID

Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.

Powered by