Oracle accounts should not have permission to view the table SYS.LINK$ which contains unencrypted database link passwords.


Overview

Finding ID: V-2587
Version: DO3686-ORACLE10
Rule ID: SV-24939r1_rule
IA Controls: ECAN-1
Severity: High
Description
The SYS.LINK$ table contains unencrypted passwords to enable transparent connections to remote databases. In addition, remote database connections themselves can provide information to unauthorized users about remote databases that may assist them in furthering unauthorized access.
STIG: Oracle 10 Database Instance STIG
Date: 2014-01-14

Details

Check Text ( None )
None
Fix Text (F-22859r1_fix)
There are no workarounds to protect against this potential vulnerability, but it is possible to reduce the potential impact by performing the steps below:

1. Drop the database link and create a link without specifying an account and password. To drop and recreate a database link without hard coding the password, execute the commands:

From SQL*Plus:
drop database link [link name];
create database link [link name] using [connection string];

2. Revoke permissions from accounts and roles:

From SQL*Plus:
revoke select on SYS.LINK$ from [account or role];
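
The STIG entry supplies no check text, so the queries below are an added example (not part of the STIG) showing one way to find what the two fix steps apply to. They assume a SQL*Plus session as a DBA account that can read the standard DBA_TAB_PRIVS, DBA_ROLE_PRIVS and DBA_DB_LINKS dictionary views.

```sql
-- Added audit example, not part of the STIG text.
-- Assumption: run as an account with access to the DBA_* dictionary views.

-- 1. Accounts and roles holding a direct object grant on SYS.LINK$.
--    Each grantee returned is a candidate for the revoke in step 2.
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SYS'
   AND table_name = 'LINK$'
 ORDER BY grantee;

-- 2. Users and roles that inherit access through role grants.
--    Starts from roles found in query 1 and walks down the role hierarchy,
--    so nested role grants are reported as well.
SELECT DISTINCT grantee, granted_role
  FROM dba_role_privs
 START WITH granted_role IN (
         SELECT grantee
           FROM dba_tab_privs
          WHERE owner = 'SYS'
            AND table_name = 'LINK$')
CONNECT BY PRIOR grantee = granted_role
 ORDER BY grantee;

-- 3. Database links defined with a fixed account (USERNAME is populated).
--    These are the links to drop and recreate without an account and
--    password, as described in step 1.
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 WHERE username IS NOT NULL
 ORDER BY owner, db_link;
```

Queries 1 and 2 returning no rows for non-DBA accounts and roles, and query 3 returning no rows, is the state the fix text aims for.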