You can find original user password in table USER$. Because of security improvements it is not exposed in DBA_USERS view anymore since version 10G. Moreover password is hashed so once set you are not able to know original value. Access to USER$ is as well very restricted.
CREATE USER tomasz IDENTIFIED BY dbaora; SELECT name, password FROM sys.user$ WHERE NAME='TOMASZ'; NAME PASSWORD ------- ------------------- TOMASZ 062AB3D111CBAC0F SELECT username, password FROM dba_users WHERE username='TOMASZ'; USERNAME PASSWORD --------- ---------------- TOMASZ
There are two simple method to change password for a user in Oracle database.
ALTER USER tomasz IDENTIFIED BY newpass; SELECT name, password FROM sys.user$ WHERE NAME='TOMASZ'; NAME PASSWORD ------- ------------------- TOMASZ C3ED4B8DAA60D1FD
another option is to use hash value. Notice I have used old hash value here. So I can connect using old password.
ALTER USER tomasz IDENTIFIED BY VALUES '062AB3D111CBAC0F'; sqlplus> CONNECT tomasz/dbaora
It’s quite popular method to login as another user make some modifications/installations and restore original password. The password can be set as well on another database using hash value to sync passwords between databases.
--save password 062AB3D111CBAC0F sqlplus>ALTER USER tomasz IDENTIFIED BY hacker; --login to user tomasz and do some modifications/installations sqlplus>CONNECT tomasz/hacker --restore original password sqlplus>connect / as sysdba sqlplus>ALTER USER tomasz IDENTIFIED BY VALUE '062AB3D111CBAC0F';
Any user in database can change own password but to change password for other users you need dedicated system privilege ALTER USER.
Have a fun 🙂
Tomasz