Revoke Access from SYS.USER$ and SYS.SOURCE$ Tables After Security Scan
(Doc ID 2716717.1)
Last updated on JULY 20, 2024
Applies to:
Oracle Database - Enterprise Edition - Version 12.1.0.1 and later
Information in this document applies to any platform.
Goal
After running a security scan, vulnerabilities were detected on the tables SYS.USER$ and SYS.SOURCE$.
The recommendation is to revoke access to these tables from non-SYS/DBA database users.
Access to SYS.USER$ Table
Impact of Violation
User name and password hash may be read from the SYS.USER$ table, enabling a malicious user to launch a brute-force attack against the database.
Action
Restrict access to the SYS.USER$ table.
Access to SYS.SOURCE$ Table
Impact of Violation
A malicious user can gain access to the source of all stored packages in the database.
Action
Revoke access to the SYS.SOURCE$ table from the non-SYS/DBA database users.
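An audit a DBA could run before revoking, to see who currently holds privileges on the two tables, directly or through a role chain. This is an added example, not taken from the Oracle note; it assumes a session that can read the DBA_ dictionary views, and the column aliases are illustrative.

```sql
-- 1) Direct object grants on SYS.USER$ and SYS.SOURCE$, excluding SYS and the DBA role.
--    ORACLE_MAINTAINED (12.1+) marks accounts and roles created by Oracle-supplied
--    scripts; review those rows before running the generated statement.
SELECT p.grantee,
       p.privilege,
       p.table_name,
       p.grantable,
       NVL(u.oracle_maintained, r.oracle_maintained) AS oracle_maintained,
       'REVOKE ' || p.privilege || ' ON SYS.' || p.table_name || ' FROM ' ||
       CASE WHEN p.grantee = 'PUBLIC' THEN 'PUBLIC'
            ELSE '"' || p.grantee || '"'
       END || ';'                                     AS revoke_stmt
FROM   dba_tab_privs p
       LEFT JOIN dba_users u ON u.username = p.grantee
       LEFT JOIN dba_roles r ON r.role     = p.grantee
WHERE  p.owner      = 'SYS'
AND    p.table_name IN ('USER$', 'SOURCE$')
AND    p.grantee    NOT IN ('SYS', 'DBA')
ORDER  BY p.table_name, p.grantee;

-- 2) Users who inherit that access indirectly: walk role -> role -> user from
--    every non-DBA role that holds a grant found by query 1.
SELECT DISTINCT
       rp.grantee                       AS username,
       CONNECT_BY_ROOT rp.granted_role  AS role_holding_grant
FROM   dba_role_privs rp
WHERE  rp.grantee IN (SELECT username FROM dba_users)
AND    rp.grantee <> 'SYS'
START  WITH rp.granted_role IN (
           SELECT grantee
           FROM   dba_tab_privs
           WHERE  owner      = 'SYS'
           AND    table_name IN ('USER$', 'SOURCE$')
           AND    grantee    <> 'DBA')
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER  BY role_holding_grant, username;
```

For users returned only by the second query, the revoke has to target the role that holds the grant (or the role membership), since the user has no direct grant to remove.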
Solution