Wednesday, October 24, 2007

Alpha Version of checkpwd cracks APEX passwords

At least it's supposed to. As Pete Finnegan points out, the Alpha release of Red Database Security's checkpwd has a new feature which attempts to crack APEX passwords.

I downloaded and installed it, and got the same ORA-12154 error that Pete did. Bypassing the TNSNAMES.ora file seemed to do the trick, and checkpwd was able to run against a local APEX 3.0 instance of Oracle XE.

However, based on these results:

I get the feeling that the APEX portion is not quite working... I will cut them some slack, as this is after all an Alpha release.

As far as I know, this is the first tool of its kind for APEX passwords. It's definitely a good thing, as the only way weak passwords can be fixed is if they can be identified. I look forward to seeing more stable and complete releases of this useful tool.

- Scott -

No comments: