- Threat ID
- Threat Date
- Threat Name: Default listener password
- CVE Reference
- CCE Reference
- Database Type
- Weak Passwords
- All versions of Oracle
- The default password has not been changed on the listener service. A knowledgeable attacker will try the default password and will be able to use the listener service to write files on the operating system, possibly gaining access as the account that owns the Oracle software.
- The default listener password (Oracle) has not been changed. If you do not change the listener password, an attacker can easily gain control over the listener service and can:
- shut down the listener, or
- perform other administrative actions on the listener
This attack can be mounted by any remote user who can send packets to the IP address and port of the listener. It cannot be mounted by an attacker outside your organization if a firewall is properly protecting the database.
This is a dangerous vulnerability since many database administrators are unaware that the listener service accepts commands from remote sources. This allows anyone on the network to attempt to break into the listener.
Several existing vulnerabilities use the privileges of the listener to perform actions such as:
- creating .rhosts files
- corrupting the Oracle database files
If you do not set a password on the listener, an attacker can gain control of the listener and use the vulnerabilities listed above to gain access to the operating system as the owner of the Oracle software.
The listener:
- is a server-side program that manages connecting clients to the database
- handles the connection request from a client to a database
- first accepts the connection and then negotiates with the database to set up a channel between the two ends
- returns the connection information to the client, allowing the client and database to establish a connection
The listener typically runs under the following privileges:
- Using the Oracle software owner account on UNIX
- Using the LocalSystem account on Windows
Because the listener has such a high level of privileges, any actions this process can take should be restricted.
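One way to check a host for this condition is to audit its `listener.ora`. The script below is an added example, not part of the original entry or of any vendor tool. It assumes a release whose `listener.ora` honours the `PASSWORDS_<listener_name>` and `ADMIN_RESTRICTIONS_<listener_name>` parameters. The sample file, host name and password hash are constructed.

```python
import re

# Constructed sample listener.ora; host names and the hash are placeholders.
SAMPLE = """\
# constructed example
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521))))

LISTENER_HR =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1522)))
PASSWORDS_LISTENER_HR = (0123456789ABCDEF)
ADMIN_RESTRICTIONS_LISTENER_HR = ON
"""

_ASSIGN = re.compile(r"\s*([A-Za-z][\w.]*)\s*=")

def parse_listener_ora(text):
    """Return {UPPERCASE_NAME: raw value} for parameters at paren depth 0."""
    text = re.sub(r"#[^\n]*", "", text)            # drop comments
    params, depth, name, start, i = {}, 0, None, 0, 0
    while i < len(text):
        ch = text[i]
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0:
            m = _ASSIGN.match(text, i)
            if m:                                   # a new top-level parameter
                if name:
                    params[name] = text[start:i].strip()
                name, start, i = m.group(1).upper(), m.end(), m.end()
                continue
        i += 1
    if name:
        params[name] = text[start:].strip()
    return params

def audit(text):
    """Map each listener (a parameter holding an ADDRESS) to its findings."""
    params, findings = parse_listener_ora(text), {}
    for name, value in params.items():
        if not re.search(r"\(\s*ADDRESS\b", value, re.I):
            continue
        issues = []
        if not params.get("PASSWORDS_" + name, "").strip("() \n"):
            issues.append("no listener password set")
        if params.get("ADMIN_RESTRICTIONS_" + name, "OFF").upper() != "ON":
            issues.append("ADMIN_RESTRICTIONS is not ON")
        findings[name] = issues
    return findings
```

With `ADMIN_RESTRICTIONS_<listener_name> = ON`, the listener refuses runtime `SET` commands, so changes such as redirecting its log file require editing `listener.ora` on the host.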
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.