UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Replication accounts should not be granted DBA privileges.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15619 DG0100-ORACLE11 SV-24407r1_rule DCFA-1 Medium
Description
Replication accounts may be used to access databases defined for the replication architecture. An exploit of a replication on one database could lead to the compromise of any database participating in the replication that uses the same account name and credentials. If the replication account is compromised and it has DBA privileges, the database is at additional risk to unauthorized or malicious action.
STIG Date
Oracle 11 Database Instance STIG 2014-01-14

Details

Check Text ( C-938r1_chk )
If a review of the System Security Plan confirms the use of replication is not required, not permitted and the database is not configured for replication, this check is Not a Finding.

If any replication accounts are assigned DBA roles or roles with DBA privileges, this is a Finding.
Fix Text (F-2615r1_fix)
Restrict privileges assigned to replication accounts to the fewest possible privileges.

Remove DBA roles from replication accounts.

Create and use custom replication accounts assigned least privileges for supporting replication operations.