- Threat ID
- Threat Date
- Threat Name
- Default database password
- CVE Reference
- CCE Reference
- Database Type
- Weak Passwords
- All versions of Oracle
- Oracle is installed with a list of well-known usernames and passwords. If a default password has not been changed, an attacker can easily break into a database.
- There is a large number of well-known account/password combinations that can be used by an attacker to break into a database.
These account/password combinations are created from several sources:
1 - installed by default with the database
2 - installed when additional components or 3rd party applications are installed
3 - installed when running samples
After installing a database, you should immediately change any default usernames and passwords.
Additional information including fix script information is available in the licensed versions of Application Security's DbProtect and AppDetectivePro solutions.