Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Nmap NSE net: oracle-enum-users

Information

Severity

Severity

Critical

Family

Family

Nmap NSE net

CVSSv2 Base

CVSSv2 Base

9.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Solution Type

Solution Type

Mitigation

Created

Created

12 years ago

Modified

Modified

5 years ago

Summary

Attempts to enumerate valid Oracle user names against unpatched Oracle 11g servers (this bug was fixed in Oracle's October 2009 Critical Patch Update). SYNTAX: userdb: The filename of an alternate username database. passdb: The filename of an alternate password database. tns.sid: specifies the Oracle instance to connect to unpwdb.userlimit: The maximum number of usernames 'usernames' will return (default unlimited). unpwdb.passlimit: The maximum number of passwords 'passwords' will return (default unlimited). oracle-enum-users.sid: the instance against which to attempt user enumeration unpwdb.timelimit: The maximum amount of time that any iterator will run before stopping. The value is in seconds by default and you can follow it with 'ms', 's', 'm', or 'h' for milliseconds, seconds, minutes, or hours. For example, 'unpwdb.timelimit=30m' or 'unpwdb.timelimit=.5h' for 30 minutes. The default depends on the timing template level (see the module description). Use the value '0' to disable the time limit.