PL/SQL
PL or SQL : Default account
Classification
OWASP Top 10 2013
OWASP Top 10 2017
OWASP ASVS
PCI DSS 4.0
CWE
Overview
The application uses a string whose value corresponds to the username or password of a default account. Default accounts with high privileges present one of the highest risks to the database.
Some of the predefined accounts (the password is the same as the username): SYSTEM, SYS, SYSMAN, SCOTT, DBSNMP, MGMT_VIEW.
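The check described in the overview can be sketched as a small source scanner. This is an added example, not DerScanner's own rule logic: it reports string literals in PL/SQL source whose value equals one of the account names listed above, while skipping comments and handling doubled-quote escapes. The function name, the sample procedure and the `log_msg` helper are constructed for illustration.

```python
import re

# Default Oracle accounts named in the overview (password equals username).
DEFAULT_ACCOUNTS = {"SYSTEM", "SYS", "SYSMAN", "SCOTT", "DBSNMP", "MGMT_VIEW"}

# Single pass over the source. Comments are alternatives of the same pattern,
# so quoted text inside a comment is consumed with it and never reported.
TOKEN = re.compile(
    r"--[^\n]*"             # line comment
    r"|/\*.*?\*/"           # block comment
    r"|'((?:[^']|'')*)'"    # string literal; '' is an escaped quote
    r'|"([^"]*)"',          # double-quoted value, e.g. IDENTIFIED BY "..."
    re.S,
)

def find_default_account_literals(source):
    """Return (line, literal) for each literal equal to a default account name."""
    findings = []
    for m in TOKEN.finditer(source):
        value = m.group(1) if m.group(1) is not None else m.group(2)
        if value is None:                      # the match was a comment
            continue
        value = value.replace("''", "'")       # undo PL/SQL quote escaping
        if value.strip().upper() in DEFAULT_ACCOUNTS:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, value))
    return findings

# Constructed sample input; log_msg is a hypothetical logging procedure.
SAMPLE = """\
CREATE OR REPLACE PROCEDURE sync_reports IS
  -- old login was 'SYS', removed
  v_user  VARCHAR2(30) := 'scott';
  v_label VARCHAR2(40) := 'system''s log';
BEGIN
  /* 'SYSMAN' is not used here */
  log_msg('sync started by ' || v_user);
END;
/
ALTER USER report_ro IDENTIFIED BY "DBSNMP";
"""

if __name__ == "__main__":
    for line, literal in find_default_account_literals(SAMPLE):
        print(f"line {line}: literal {literal!r} matches a default account")
```

Matching is exact and case-insensitive, so a literal that merely contains an account name, such as `'system''s log'`, is not reported.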
DerScanner Severity Score: MEDIUM
