ORACLE PASSWORD AUDITOR

Oracle Password Auditor helps auditors to enforce strict password security policy against password cracking by identifying weak password, reverse password and default passwords in the Oracle database. Password recovery becomes extremely easy with this password tool because it automatically retrieves username password hashes from SYS.USER$ table from Oracle database and allows auditors, database administrators and security administrators to either use this tool as password recovery tool, or use it as a password cracker or test the strength of the password according to an organization policy through comprehensive auditing. Weak passwords have been cited by experts from SANS, industry, government, and academia as one of the most critical security threats to computer networks.

It is a database password strength analyzer that proactively identifies the strength of a password against an intrusion attempt. It also checks for defaults passwords which are not changed on Oracle database servers. All default passwords are security threat for the confidentiality, integrity and availability of data. It also provides options like dictionary attacks, brute force attacks and hybrid attacks to audit the weaknesses in enforced password security policy. Oracle Password Auditor also has the ability to present all cracked database passwords in the form of a vulnerability report so that it complies with defined controls and organizational security policy.

Download Trial Version

Oracle Password Auditor is compatible with Oracle database server 8 / Oracle database server 9i / Oracle database server 10g / Oracle database server 11g. It also facilitates in achieving strengthened governance and Regulatory Compliance standards like Sarbanes-Oxley Act (SOX) (USA) , Health Insurance Portability and Accountability Act (HIPAA) (USA) , Gramm-Leach-Bliley Act (GLBA) (USA) Federal Information Security Management Act (FISMA) (USA) , Data Protection (EU, UK, Canadian) J-SOX (Japan), LSF (France), Payment Card Industry Data Security Standard (PCI/DSS), security frameworks such as ISO 27001, and COBIT or NIST.

Following are some examples of weak passwords:

1. Default passwords such as those used in most software applications (SAP, symbol , weblogic, dbsnmp, tiger etc).
2. Popular passwords (qwerty, 123456, password, letmein, abc123, monkey etc.).
3. Repeated combinations of symbols as passwords (aabbcc, 123123, aaaa, 7777777 etc.).
4. Inversion of common words as passwords (drowssap, nimda etc.).
5. Passwords coinciding with user name or its variations.
6. Short passwords having up to 7 characters, which can be found with brute force attack.
7. Passwords derived from common words or word combinations that can quickly be discovered with a dictionary attack.
8. Passwords based on personal data.
9. Passwords based on user characteristics.
10. Passwords based on modified version of older passwords.

The best way to identify weak passwords is to conduct audits on regular basis.

Key Features and Benefits:

• Determines the strength and security of corporate database servers against malicious activities.
• Tests the strength of passwords which protects user accounts from intrusion.
• Recovers usernames passwords.
• Helps in achieving regulatory compliance.
• Performs brute force and hybrid attacks.