Oracle Database Listener has no password

Description
  • If a password is not set on the Listener, someone who knows just a hostname and port number (default port is 1521) has full control over the Listener. They can do the following: <br/> <ul> <li>Stop the Listener</li> <li>Set a password and prevent others from controlling the Listener</li> <li>Write trace and log files to any file accessible to the process owner of tnslnsr (usually oracle)</li> <li>Obtain detailed information on the Listener, database, and application configuration</li> </ul>
Remediation
  • To password protect your listener, perform the following as your Oracle user: <pre> $ lsnrctl LSNRCTL> change_password Old password: <press enter here> New password: <enter new password> Reenter new password: <reenter password> </pre>
References