简体繁体 English

Oracle 12c审计追踪。审核跟踪可以显示登录尝试的密码吗？

[英]Oracle 12c Audit Trail. Can audit trail show the password of a login attempt?

原文 2018-11-09 12:22:44 0 1 oracle/ oracle12c/ audit-trail/ ora-01017

I have an application which has been successfully logging into our database for years without issue. 我有一个已经成功登录我们的数据库多年而没有任何问题的应用程序。

The password hasn't changed and i can manually login. 密码没有更改，我可以手动登录。

I enabled the audit trail in the database and can see the failed login attempt and return code of 1017 indicating invalid username and password combination. 我在数据库中启用了审计跟踪，并且可以看到失败的登录尝试，并返回1017的返回码，指示无效的用户名和密码组合。

The password being entered in the application is correct but is still being rejected by the database. 在应用程序中输入的密码是正确的，但仍被数据库拒绝。 I confirmed the user and pass combination by logging in with SQL Developer. 我通过使用SQL Developer登录来确认用户并通过组合。

Is there any way for the audit trail to show the password being received so that i can find out how the password is being altered between the app and the db. 有什么方法可以使审计跟踪显示收到的密码，以便我可以找出在应用程序和数据库之间如何更改密码。

Are there any other causes to 1017 than an invalid user/pass? 除了无效的用户/通行证，还有其他1017原因吗？

1 个解决方案

No, the audit trail does not show the passwords of failed log in attempts. 否，审核跟踪不会显示失败的登录尝试密码。 Using the audit trail you can determine things such as the machine name and OS user that is attempting to log in, but it will not capture the password that was used. 使用审核跟踪，您可以确定诸如计算机名和尝试登录的OS用户之类的内容，但它不会捕获所使用的密码。

Since this application has been logging into the database for years, I am guessing that the database itself has been updated a number of times, correct? 由于该应用程序已经登录数据库已有多年了，我猜数据库本身已经被更新了很多次，对吗？ If so, is it possible that you are running into password case sensitivity issues as a result of an older client being used on the application side? 如果是这样，是否可能由于在应用程序端使用了较旧的客户端而导致密码区分大小写的问题？ If the application is connecting from a machine using an older client, you may want to check out this question: ORA-01017 Invalid Username/Password when connecting to 11g database from 9i client 如果应用程序是使用旧客户端从计算机连接的，则您可能要检查以下问题： ORA-01017从9i客户端连接到11g数据库时，无效的用户名/密码

To test this hypothesis, you could try logging in from the application side by using quotes to pass the credentials. 为了验证该假设，您可以尝试使用引号传递凭据来从应用程序一侧登录。 From the question above: 从上面的问题：

oracle9i defaults to uppercase as it didn't cater for case sensitivity. oracle9i默认为大写，因为它无法满足区分大小写的要求。 instead of changing the database to insensitive, you can connect by pasting your password in double quotes eg `sqlplus youruser/"Password"@db to pass mixed case. 您可以通过将密码粘贴在双引号中来进行连接，而不是将数据库更改为不区分大小写，例如sqlplus youruser /“ Password” @db以传递混合大小写。

If that is not the case, and you want to determine what password is being passed from the application to rule out that avenue, you could use a tool like Wireshark to listen to the traffic and see if you can sniff out what credentials they're using, assuming they aren't using an encrypted connection. 如果不是这种情况，并且您想确定从应用程序传递了什么密码以排除该途径，则可以使用Wireshark之类的工具来监听流量，并查看是否可以嗅出它们所使用的凭据使用，假设他们没有使用加密连接。 Please only explore this if you have complete control over the network or the permission from the appropriate powers that be, as it could be illegal or against your organizations policy to use a tool like Wireshark without permission. 仅当您完全控制网络或获得适当权力的许可时，才可以尝试使用此方法，因为这可能是非法的，或者违反您组织的政策，未经许可使用Wireshark之类的工具。