Hi all!
Did you know since Oracle Database 11g we have a way to quickly identify users with default passwords?
It’s implemented in a really simple way, with a single data dictionary view: DBA_USERS_WITH_DEFPWD
You can identify these users with the query:
select * from dba_users_with_defpwd
Example of output:
USERNAME ------------------------------ DIP MDSYS WK_TEST CTXSYS OLAPSYS OUTLN EXFSYS SCOTT MDDATA ORDPLUGINS ORDSYS XDB LBACSYS SI_INFORMTN_SCHEMA WMSYS
You can see SCOTT listed above, because his password is TIGER, the default one. Change it with:
SQL> alter user scott identified by tiger1;
User altered.
Now if you check the view:
SQL> select * from dba_users_with_defpwd;
USERNAME ------------------------------ DIP MDSYS WK_TEST CTXSYS OLAPSYS OUTLN EXFSYS MDDATA ORDPLUGINS ORDSYS XDB LBACSYS SI_INFORMTN_SCHEMA WMSYS
You don’t see SCOTT on the list anymore. It’s that simple!
Hope it helps to make you database more secure.
Cheers!