OID: How To Change The Storage Of All Passwords And Password Verifiers Hash Formats To SHA?
(Doc ID 1534243.1)
Last updated on AUGUST 11, 2022
Applies to:
Oracle Internet Directory - Version 11.1.1 and laterInformation in this document applies to any platform.
Goal
Oracle Internet Directory (OID) 11g, 12c or higher.
During a security pen test, the following password formats were observed in OID directory:
X-ORCLDBPWD - Legacy Oracle database password format.
X-ORCLNTV - Windows NTLM.
X-ORCLLMV - Windows LanMan.
MD5, SASL/MD5, X-ORCLWEBDAV, X-ORCLCIFSMD5 - MD5
SSHA - SHA-1
X-ORCLNTV - Windows NTLM.
X-ORCLLMV - Windows LanMan.
MD5, SASL/MD5, X-ORCLWEBDAV, X-ORCLCIFSMD5 - MD5
SSHA - SHA-1
The pen test recommendation is that only the SHA method should be used to store passwords.
How to set all password and verifiers hashes to also be SSHA512?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |