Oracle DB passwords weak? Say it isn’t so!

Researchers have found that Oracle’s password mechanism can be broken because of a number of bad decisions, one of which is the use of a weak hashing algorithm.

As a result, an attacker with limited resources can practically crack the passwords for any user of an Oracle database. Using a Pentium 4 2.8GHz workstation, it took on average 20 days to recover the plaintext password for a known account name and hash. Moreover, by using pregenerated dictionaries of password plaintext-hash pairs, the passwords for common account names, such as the SYSTEM account, can be discovered in minutes.

It’s a wonder why people are moving to other SQL databases. Oh, how the mighty have fallen.
Via SecurityFocus