The Communication layer used by Oracle databases is referred as Transparent Network Substrate (TNS). TNS name is extremely important component of Oracle database connectivity. It is the unique identifier for Oracle database on the network. TNS password cracking is among the easiest way to attain access and intrude into the system by the hacker. Prior to 10g, TNS listener with blank password is installed by default. In later versions, database administrator assigns TNS name and passwords to specific oracle database while they do Oracle installations and configuration.
TNS password is an ignored security concerns of database administrators whereas it is the most common method to get enter into the Oracle database. Oracle TNS listener without password is a very common vulnerability exist in an Oracle database. It gives an open invitation to intruders to get control of the most precious assets of an organization. A hacker can rename a TNS listener password through exploiting TNS listener vulnerability and gaining access to the system through remote machine. Hackers can also gain access to TNS listener log files once TNS listener password is exploited. It will easily allow remote user shutdown the TNS listener.
Once Oracle TNS listener security is compromised then it becomes easy for intruder to get connected with Oracle database. It will also give hackers privilege to execute Denial of Service attack on the Specific Oracle database to restrict legitimate users to get connected with that particular Oracle database. In such case Oracle database will become offline and remains unavailable to answer any query even from legitimate users.
It is essential to hardened Oracle TNS password to ensure effectiveness of TNS Listener hardening process. Oracle TNS Password Tester provides security to Oracle database servers because it performs checks for listener existence on the network. If Oracle TNS Listener doesn't exist then Oracle TNS Password Tester will inform user that no password is set on the listener. If password on the listener exists then this utility will try to retrieve listener password by applying dictionary attack on the listener.