How to access user account without knowing password?

In this forum Oracle Applications DBA's, System Administrators & Developers can share their knowledge/issues.
Post Reply
admin
Posts: 2062
Joined: Fri Mar 31, 2006 12:59 am
Location: Pakistan
Contact:

How to access user account without knowing password?

Post by admin »

The objective of the article is to create awareness about the security of Oracle Applications users accounts. How a system Admin or a DBA can get access to your account. They can make changes or approvals using your account and you will not notice but this never means they are doing so or will do such things.

1 - Access to table fnd_user to copy data of these two columns,

select ENCRYPTED_FOUNDATION_PASSWORD,
ENCRYPTED_USER_PASSWORD
from fnd_user where user_name = 'Hayat';

Keep values of these columns in notepad.

2 - Change user password using System Admin responsibility.
3 - Now login with this password and perform activities like you are the owner of that account. Approve PO's, Expense Reports etc.
4 - Once done now update the fnd_user with the values you had copied. Original user encrypted password.

You can see how easy it was to get access to user accounts. I have also seem some function to know users password by creating a function.

Thanks
Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests