Find password for database link

Alright, so when we need to recreate a database link for some reason and we do not happen to have the password handy, we’re usually stuck. However, sometimes there is a way to recover passwords for database links. Unfortunately, the method described below only works for the “old” password versions (<=!

Starting with Oracle, Oracle salts the password hashes, therefore you will need to crack the password and cannot just query it. However, if the database link was created pre-, the password is saved in an “old” format without the salt. To check if there are any database links with this old format, query SYS.LINK$ like so:

SQL> select name, userid from$ where length(passwordx)=50;

NAME                                USERID
----------------------------------- ------------------------------
MYDBLINKNAME                        SIMON

So now we’ve found a database link with a password in the old format, get the encrypted password from the same table:

SQL> select passwordx from$ where name='MYDBLINKNAME';


With this information, we can use the following PL/SQL block (found in the blog of Satyanarayana Murty Munukutla) to calculate the plain password:

set serveroutput on
 db_link_password varchar2(100);
 db_link_password := '0560A31A6EFEC902B9286FFC981F4C9A92F8470D406ADEA670';
 dbms_output.put_line ('Plain password: ' || utl_raw.cast_to_varchar2 ( dbms_crypto.decrypt ( substr (db_link_password, 19) , dbms_crypto.DES_CBC_PKCS5 , substr (db_link_password, 3, 16) ) ) );

Running this block will give you the password:

Plain password: Forget12


Oh no, new comments are currently disabled.
If you want to get in touch with me, please do so via e-mail:

DB Link password encryption/decryption : A step forward | Hatem Mahmoud Oracle's blog, on 2016-12-02 11:00:43 (Website)

[…] as writing a bunch of PL/SQL code to decrypt the password without the need for other tools (as in previous release ) […]

Finding Oracle DB link password : Memory analysis | Hatem Mahmoud Oracle's blog, on 2016-11-16 09:32:46 (Website)

[…] REF : […]

Meine, on 2015-08-12 14:38:38

Hi Simon, Nice workaround! On 11.2 I was able to recreate (drop / create ) db_links without knowing the password using
SELECT dbms_metadata.get_ddl('DB_LINK','','') stmt FROM dual
In my case I was able to modify the statement and execute it when logged on as the link_owner.