Oracle Database Listener has no password

Description

If a password is not set on the Listener, someone who knows just a hostname and port number (default port is 1521) has full control over the Listener. They can do the following:

  • Stop the Listener
  • Set a password and prevent others from controlling the Listener
  • Write trace and log files to any file accessible to the process owner of tnslsnr (usually oracle)
  • Obtain detailed information on the Listener, database, and application configuration

Remediation

To password-protect your Listener, perform the following as your Oracle user:

$ lsnrctl
LSNRCTL> change_password
Old password: <press enter here>
New password: <enter new password>
Reenter new password: <reenter password>
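
To verify the result across a host, the following added example (not part of the original advisory and not Oracle tooling) reports every listener defined in a listener.ora that has no PASSWORDS_<listener_name> entry. It assumes the password was saved to listener.ora; the function names, the sample file, its host name and its hash value are all constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners in a listener.ora that have no
# PASSWORDS_<listener_name> entry. Parameter names are case-insensitive.

unprotected_listeners() {   # $1 = path to listener.ora
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        /^[A-Za-z_][A-Za-z0-9_.]*[ \t]*=/ {          # top-level parameter (column 1)
            cur = toupper($0); sub(/[ \t]*=.*/, "", cur)
            # a PASSWORDS_<name> entry with a non-empty value marks <name> as protected
            if (cur ~ /^PASSWORDS_/ && $0 ~ /=[ \t]*[^ \t]/) pw[substr(cur, 11)] = 1
        }
        # heuristic: a top-level entry whose value contains (ADDRESS is a listener
        cur != "" && cur !~ /^SID_LIST_/ && toupper($0) ~ /\(ADDRESS/ { lsnr[cur] = 1 }
        END { for (n in lsnr) if (!(n in pw)) print n }
    ' "$1" | sort
}

write_sample() {            # $1 = output path; constructed sample, not a real config
    cat > "$1" <<'EOF'
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1521)))

SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))

# constructed placeholder hash
PASSWORDS_LISTENER = 0123456789ABCDEF

LISTENER_TEST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1522)))
EOF
}

if [ "$#" -gt 0 ]; then
    unprotected_listeners "$1"      # audit the file given on the command line
else
    tmp=$(mktemp); write_sample "$tmp"
    unprotected_listeners "$tmp"    # sample run reports LISTENER_TEST
    rm -f "$tmp"
fi
```

Pass the path to the listener.ora to audit as the first argument, typically $ORACLE_HOME/network/admin/listener.ora.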
