Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2587 | DO3686-ORACLE10 | SV-24939r1_rule | ECAN-1 | High |
Description |
---|
The SYS.LINK$ table contains unencrypted passwords to enable transparent connections to remote databases. In addition, remote database connections themselves can provide information to unauthorized users about remote databases that may assist them in furthering unauthorized access. |
STIG | Date |
---|---|
Oracle 10 Database Instance STIG | 2014-01-14 |
Check Text ( None ) |
---|
None |
Fix Text (F-22859r1_fix) |
---|
There are no workarounds to protect against this potential vulnerability, but it is possible to reduce the potential impact by performing the steps below: 1. Drop the database link and create a link without specifying an account and password. To drop and recreate a database link without hard-coding the password, execute the following commands from SQL*Plus: `drop database link [link name];` `create database link [link name] using [connection string];` 2. Revoke permissions from accounts and roles. From SQL*Plus: `revoke select on SYS.LINK$ from [account or role];` |
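
The finding lists no check procedure, so the queries below are an added example (not part of the STIG text) for locating what the two fix steps act on: links created with a stored account, and grantees holding privileges on SYS.LINK$. They assume a DBA session in SQL*Plus and use only the standard dictionary views DBA_DB_LINKS, DBA_TAB_PRIVS and DBA_ROLES.

```sql
-- Added audit example; not taken from the STIG. Run from SQL*Plus as a DBA.

-- 1. Database links defined with a fixed account.
--    A non-NULL USERNAME means the link was created with
--    CONNECT TO ... IDENTIFIED BY ..., so a password for that account
--    is held in SYS.LINK$. Links created with CONNECT TO CURRENT_USER
--    store no password and are excluded.
SELECT owner,
       db_link,
       username,
       host,
       created
  FROM dba_db_links
 WHERE username IS NOT NULL
   AND username <> 'CURRENT_USER'
 ORDER BY owner, db_link;

-- 2. Accounts and roles holding object privileges on SYS.LINK$.
--    Each row returned is a candidate for
--    "revoke select on SYS.LINK$ from [account or role];".
--    GRANTEE_TYPE separates roles from accounts so that role members
--    can be reviewed as well.
SELECT p.grantee,
       CASE WHEN r.role IS NOT NULL THEN 'ROLE' ELSE 'USER' END AS grantee_type,
       p.privilege,
       p.grantable,
       p.grantor
  FROM dba_tab_privs p
  LEFT JOIN dba_roles r
    ON r.role = p.grantee
 WHERE p.owner = 'SYS'
   AND p.table_name = 'LINK$'
 ORDER BY p.grantee, p.privilege;
```

After the fix steps have been applied, both queries should return no rows other than grants and links that have a documented justification.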