Oracle listener is installed without a listener password. Malicious users can review and modify configuration information. Also, certain versions of the listener can 'leak' information (e.g., user names) through a crafted query to the listener.
Most the maintenance commands for the listener are available to anyone connecting to the listener service (default port of 1521). The listener could be stopped, reconfigured, or corrupted if a password is not assigned to the listening process.
On certain versions, By sending TNS packets with incorrect length bytes, it is possible to see the contents of previous TNS packets. This data usually includes oracle usernames.