SV-238433r667473_rule
V-238433
SRG-APP-000516-DB-000363
O112-C1-015000
CAT I
10
Change passwords for DBMS accounts to non-default values. Where necessary, unlock or enable accounts to change the password, and then return the account to disabled or locked status.
Use this query to identify the Oracle-supplied accounts that still have their default passwords:
SELECT * FROM SYS.DBA_USERS_WITH_DEFPWD;
If any accounts other than XS$NULL are listed, this is a finding.
(XS$NULL is an internal account that represents the absence of a user in a session. Because XS$NULL is not a user, this account can only be accessed by the Oracle Database instance. XS$NULL has no privileges and no one can authenticate as XS$NULL, nor can authentication credentials ever be assigned to XS$NULL.)
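The check and fix above, combined into one SQL*Plus session, as an added example that is not part of the STIG text. EXAMPLE_ACCT and the password value are placeholders, and the join to DBA_USERS is an assumption added here so each account's lock state is visible before it is changed.

```sql
-- 1. List the findings: accounts still on a default password, excluding
--    XS$NULL, together with their current status so that locked or expired
--    accounts can be returned to that state afterwards.
SELECT d.username,
       u.account_status
FROM   sys.dba_users_with_defpwd d
JOIN   sys.dba_users u
       ON u.username = d.username
WHERE  d.username <> 'XS$NULL'
ORDER  BY d.username;

-- 2. Remediate one listed account. Repeat per account with a different
--    password each time. EXAMPLE_ACCT is a placeholder for a username
--    returned by step 1; the quoted password is a placeholder, not a
--    suggested value.
ALTER USER example_acct ACCOUNT UNLOCK;               -- only where necessary
ALTER USER example_acct IDENTIFIED BY "Replace_With_Unique_Value_1";
ALTER USER example_acct ACCOUNT LOCK;                 -- only if it was locked in step 1

-- 3. Re-run the check. Zero rows other than XS$NULL means no finding.
SELECT COUNT(*) AS remaining_findings
FROM   sys.dba_users_with_defpwd
WHERE  username <> 'XS$NULL';
```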
V-238433
False
O112-C1-015000
M
4057