Oracle Listener Authentication

By providing an Oracle Listener password in an Oracle Listener authentication record, the service is able to authenticate to the Listener and return a list of Oracle System IDs (SIDs) or database names discovered behind the Listener. See Oracle Authentication Setup and Creating Oracle Listener Records to learn how to create an Oracle Listener record to authenticate to the Listener.

Once you have the list of SIDs, you can create an Oracle authentication record for each SID to perform vulnerability scans and compliance scans. See Creating Oracle Records for more information.

QID 19225: Retrieved Oracle Database Name

When Oracle Listener authentication is successful and databases are discovered behind the Listener, QID 19225 "Retrieved Oracle Database Name" is returned in the vulnerability scan results. This QID is listed under Information Gathered in the Detailed Results section of your report. Expand the vulnerability details for QID 19225 and then look at the Results section for the list of database names.

Sample Results:

ORACLE SID = oracle
ORACLE SID = orc1
ORACLE SID = orc2
ORACLE SID = testdb
 

View scan results from the scan history list by selecting Scan on the left menu. Optionally, use other tools such as scan report templates, asset search and host information to find and view QID 19225 in host scan results.

Verifying Authentication

The service returns certain QIDs (shown in the table below) in vulnerability scan results that provide information about authentication status. By viewing scan results, you can verify that authentication occurred on the target hosts defined in your authentication records. For more information on these QIDs, go to Tools > KnowledgeBase and perform a search for the QID you want to learn more about.

Authentication Status