Oracle Business Intelligence default administrative credentials - Vulnerability Database

Description

Oracle Business Intelligence Enterprise Edition (OBIEE) is deployed with default administrative credentials that are publicly documented and widely known. These credentials remain active if not changed during or after installation, allowing unauthorized users to authenticate to the administrative interface without any security barriers. An attacker can leverage these default credentials to gain full administrative access to the OBIEE server, enabling complete control over business intelligence data, reports, and system configurations.

Remediation

Immediately change all default administrative credentials for Oracle Business Intelligence. Access the OBIEE administration console and navigate to the Security section to modify passwords for default accounts including 'Administrator', 'weblogic', and any other pre-configured administrative users. Ensure new passwords meet strong complexity requirements (minimum 12 characters with uppercase, lowercase, numbers, and special characters). Additionally, disable or remove any unused default accounts. Implement the principle of least privilege by creating role-based administrative accounts instead of using shared default accounts. Consult the Oracle Business Intelligence Security Guide for your specific version to identify all default accounts that require remediation. After changing credentials, verify that old credentials no longer provide access and document the new credential management procedures in your organization's security policies.
