Saturday, February 14, 2015

Why ORA-1017 ??

Welcome to ORA-1017, my blog on Oracle security, primarily covering Oracle RDBMS 12c. ORA-1017, you might wonder, why did I pick 1017 out of all ORA errors for this blog ?? There are many reasons (personal as well as professional) for picking 1017 out of ~20000 error messages, some of which are
  • This is the error which protects your Oracle database from brute forcing of its users and/or passwords.
  • This is the error, which when not thrown, can result into schema disclosure, password guesses, privilege disclosure to name a few security threats.
  • This is the error, which gave me my first Zero-Day Exploit
  • This is my favourite error out of all ORA errors (very very closely followed by ORA-600 and ORA-7445 errors)
%% oerr ora 1017
01017, 00000, "invalid username/password; logon denied"
// *Cause:
// *Action:

Cause and Action are self-explanatory for ORA-1017 error ;-) A warm welcome, once again, to ORA-1017 !!