XS$NULL

Oracle introduced a new user in version 11 called XS$NULL. It is for Oracle’s internal use only and you should leave it alone. For this reason it is locked and expired when it is created:

 

SQL> select account_status from dba_users

  2  where username = 'XS$NULL';

 

ACCOUNT_STATUS

--------------------------------

EXPIRED & LOCKED

 

SQL>

 

You are advised not to alter this account in any way, even if an auditor asks you to. Oracle does not let you change its password:

 

SQL> conn / as sysdba

Connected.

SQL> alter user xs$null identified by new_pwd

  2  /

alter user xs$null identified by new_pwd

                                 *

ERROR at line 1:

ORA-01031: insufficient privileges

 

SQL>

 

Although you can do so with the password command:

 

SQL> select password from sys.user$

  2  where name = 'XS$NULL';

 

PASSWORD

------------------------------

DC4FCC8CB69A6733

 

SQL> password xs$null

Changing password for xs$null

New password:

Retype new password:

Password changed

SQL> select password from sys.user$

  2  where name = 'XS$NULL';

 

PASSWORD

------------------------------

C17AE3B0A14EA63F

 

SQL>

 

This is because of bug 12822989 and you must not do this.