My Oracle Support Banner

Revoke Access from SYS.USER$ and SYS.SOURCE$ Tables After Security Scan (Doc ID 2716717.1)

Last updated on OCTOBER 09, 2020

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.1 and later
Information in this document applies to any platform.

Goal

After running a security scan, vulnerabilities were detected on tables SYS.USER$ and SYS.SOURCE$
The recommendation is to revoke access to these tables from non-SYS/DBA database users.

Access to SYS.USER$ Table
Impact of Violation
User name and password hash may be read from the SYS.USER$ table, enabling a malicious user to launch a brute-force attack against the database.
Action
Restrict access to SYS.USER$ table.


Access to SYS.SOURCE$ Table
Impact of Violation
A malicious user can gain access to the source of all stored packages in the database.
Action
Revoke access to the SYS.SOURCE$ table from the non-SYS/DBA database users.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.