Oracle Database Listener has no password

  • If a password is not set on the Listener, someone who knows just a hostname and port number (default port is 1521) has full control over the Listener. They can do the following:
    • Stop the Listener
    • Set a password and prevent others from controlling the Listener
    • Write trace and log files to any file accessible to the process owner of tnslnsr (usually oracle)
    • Obtain detailed information on the Listener, database, and application configuration
  • To password protect your listener, perform the following as your Oracle user:
    $ lsnrctl
    LSNRCTL> change_password
    Old password: 
    New password: 
    Reenter new password: