Oracle TNS Listener has an empty password
| oracle-tns-listener-empty-password (18040) |  High Risk |
Description:
Transparent Network Substrate (TNS) Listener handles all remote client connection requests for Oracle services. By default, the TNS Listener has an empty password. This could allow an unauthorized remote user to gain access and shut down the TNS Listener, which would result in a denial of service.
Consequences:
Gain Access
Remedy:
Refer to the Oracle Database Listener Security Guide PDF for information on properly securing the Oracle TNS Listener. See References.
References:
- Oracle Database Listener Security Guide PDF: Oracle Database Listener Security Guide.
- SAINT Corporation Web site: Vulnerability Tutorial - Oracle TNS Listener.
- SecurityFocus PenTest Mailing List, Fri, 11 Jan 2002 15:33:35 -0500: RE: Oracle TNS Listener.
Platforms Affected:
- Oracle Database Server
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net