Description

If a password is not set on the Listener, anyone who knows only the hostname and port number (the default port is 1521) has full control over the Listener. They can do the following:

  • Stop the Listener
  • Set a password and prevent others from controlling the Listener
  • Write trace and log files to any file accessible to the process owner of tnslnsr (usually oracle)
  • Obtain detailed information on the Listener, database, and application configuration

Remediation

To password-protect your listener, perform the following as your Oracle user:

$ lsnrctl
LSNRCTL> change_password
Old password: 
New password: 
Reenter new password: 
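
To check which listeners on a host still lack a password, the following added example (not part of the original advisory, and not Oracle code) parses listener.ora and reports every listener without a PASSWORDS_<listener_name> entry. It assumes the password has been persisted to listener.ora under that parameter name; the sample file, host name and hash value are constructed.

```python
import re

# Constructed sample listener.ora: LISTENER has no password entry,
# LISTENER_HR has one (the hash value is a placeholder).
SAMPLE = """\
# listener.ora (constructed sample)
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1521)))

LISTENER_HR =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.com)(PORT = 1522)))

SID_LIST_LISTENER_HR =
  (SID_LIST = (SID_DESC = (SID_NAME = HR)))

PASSWORDS_LISTENER_HR = 0123456789ABCDEF
"""

# A parameter starts in the first column; indented or parenthesised
# lines are continuations of the previous parameter.
PARAM = re.compile(r"(?m)^([A-Za-z]\w*)[ \t]*=")


def top_level_params(text):
    """Return {NAME: value} for each top-level listener.ora parameter."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)  # drop comment lines
    hits = list(PARAM.finditer(text))
    params = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        params[m.group(1).upper()] = text[m.end():end].strip()
    return params


def listeners_without_password(text):
    """Names of listeners that have no non-empty PASSWORDS_<name> entry."""
    params = top_level_params(text)
    # Treat an entry as a listener definition if its value holds an ADDRESS.
    listeners = [name for name, value in params.items()
                 if re.search(r"\(\s*ADDRESS\s*=", value, re.I)]
    return sorted(n for n in listeners if not params.get("PASSWORDS_" + n))


if __name__ == "__main__":
    for name in listeners_without_password(SAMPLE):
        print("no password set for listener:", name)
```

The check reads only the configuration file, so a password changed in a running listener but never written to listener.ora is still reported as missing.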
