Oracle Default SID

info Nessus Plugin ID 22074

Synopsis

It was possible to identify databases on the remote host.

Description

The remote Oracle database server either contains one or more databases that use well-known System Identifiers (SIDs) or supports the 'services' command as a means of listing available SIDs on the affected system.

Since an Oracle SID serves to uniquely identify a particular database on a given host and is required when connecting to an Oracle database, an attacker can leverage these SIDs to attempt to access databases on the remote host.

Solution

Change any SIDs that are identified.

Plugin Details

Severity: Info

ID: 22074

File Name: oracle_default_sids.nbin

Version: 1.282

Type: remote

Family: Databases

Published: 7/19/2006

Updated: 11/22/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Excluded KB Items: global_settings/supplied_logins_only