Solved

oarcle 11g database password hashes

Posted on 2013-02-06
6
583 Views
Last Modified: 2013-02-07
Can I ask what table or view 11g db user password hashes are stored in. I always thought they were in dba_user.password but this field seems to be blank.

In sysusers there is also a password field but it only seems to be populated for certain db accounts and not others.

We are trying to do a security healthcheck and I wont ask for hacking tools on how to crack the passwords, just to find the hashes.
0
Comment
Question by:pma111
  • 3
  • 2
6 Comments
 
LVL 11

Accepted Solution

by:
SANDY_SK earned 250 total points
Comment Utility
The passwords are not stored in dba_user in 11g anymore, it is in the SYS.USER$ table

See below link for further details
http://blog.flimatech.com/2011/07/17/changing-oracle-password-in-11g-using-alter-user-identified-by-values/
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Any idea why only some accounts with have a record in the password column and others would not?
0
 
LVL 11

Expert Comment

by:SANDY_SK
Comment Utility
If you read thru the link that i gave you, you can see that if only “SPARE4¿ is used to set the password the password version is 11g and in SYS.USER$ password value becomes NULL
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 3

Author Comment

by:pma111
Comment Utility
So in those instances where is the password hash? Or does it mean the password is blank, i.e. no password?
0
 
LVL 73

Assisted Solution

by:sdstuber
sdstuber earned 250 total points
Comment Utility
0
 
LVL 11

Expert Comment

by:SANDY_SK
Comment Utility
I think the article given by sdstuber will give you the complete details.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
From implementing a password expiration date, to datatype conversions and file export options, these are some useful settings I've found in Jasper Server.
This video explains at a high level with the mandatory Oracle Memory processes are as well as touching on some of the more common optional ones.
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now