Script to check for username and password are same

**msuresh** · 02-26-2003 02:21 PM

Can someone help me writing a script which will check for all the users in the database who are having the same password as username.

Thanks

**Shestakov** · 02-26-2003 02:38 PM

see :http://www.dbasupport.com/forums/sho...threadid=34191

it may be interesting for u.

**stecal** · 02-26-2003 02:40 PM

Tell you what, why don't you look at dba_users and see if you can crack the "encrypted" password string. When you can do that, you can check to see if username=password.

**msuresh** · 02-26-2003 03:12 PM

Hi,
You guys are thinking too deep on this matter.I dont want to see the password of any users.I just want a script which will take all the username in a cursor and connects to the database with the same username and password.If connection is established,then the user have the same password as username.Pls. help.

Thanks

**marist89** · 02-26-2003 03:13 PM

Personally, I'd write a perl script that retrieved all the usernames from the database. I would then try to connect to each user using the username=password and record the results.

**msuresh** · 02-26-2003 03:15 PM

Thats what i am looking for but i am not good in writing script.Any help???

**marist89** · 02-26-2003 03:34 PM

Sure, I get $150/hour + expenses for custom development...

**stecal** · 02-26-2003 03:38 PM

This is a no-brainer script. If you can't figure out how to do something like this, I would suggest doing some homework. Cut and paste the results of the query.

Code:

SQL> select 'conn '||username||'/'||username||'@'||name string
  2  from dba_users, v$database;

STRING
---------------------------------------------------------------
conn SYS/SYS@DB00
conn SYSTEM/SYSTEM@DB00
conn OUTLN/OUTLN@DB00
conn NEWUSER/NEWUSER@DB00
conn DBSNMP/DBSNMP@DB00
conn STECAL/STECAL@DB00
conn Scott/Scott@DB00
conn DBAF/DBAF@DB00
conn MIKE/MIKE@DB00
conn MIN1/MIN1@DB00
conn MIN2/MIN2@DB00
conn JONES/JONES@DB00
conn DUMMY/DUMMY@DB00
conn SCOTT/SCOTT@DB00
conn ADAMS/ADAMS@DB00
conn CLARK/CLARK@DB00
conn BLAKE/BLAKE@DB00

17 rows selected.

Code:

SQL> conn SYSTEM/SYSTEM@DB00
ERROR:
ORA-01017: invalid username/password; logon denied


SQL> conn OUTLN/OUTLN@DB00
Connected.
SQL> conn NEWUSER/NEWUSER@DB00
ERROR:
ORA-01017: invalid username/password; logon denied


Warning: You are no longer connected to ORACLE.
SQL> conn DBSNMP/DBSNMP@DB00
Connected.
SQL> conn STECAL/STECAL@DB00
Connected.
SQL>

**SANJAY_G** · 02-27-2003 12:18 AM

Why do you allow the users to use such password in first place?

Oracle's default routine for password complexity varification checks that. You can implement this by running by running utlpwdmg.sql
It also adds several other features for password policy management. You can even modify the verification routine. Once implemented it will not allow the users to create password which is same as username.

Code:

SQL> create user sanjay_g identified by sanjay_g;
create user sanjay_g identified by sanjay_g
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password same as user


SQL> alter user sanjay identified by sanjay;
alter user sanjay identified by sanjay
*
ERROR at line 1:
ORA-28003: password verification for the specified password failed
ORA-20001: Password same as user

HTH

Thread: Script to check for username and password are same

Thread Tools

Display

Script to check for username and password are same

Bookmarks

Bookmarks

Posting Permissions