PL or SQL : Weak obfuscation (wrapping)

Classification

OWASP Top 10 2013

A9-Using Components with Known Vulnerabilities

OWASP Top 10 2017

A9-Using Components with Known Vulnerabilities

OWASP Top 10 2021

A6-Vulnerable and Outdated Components

CWE

CWE-1035

Overview

The application uses wrapping - built-in tool for obfuscation PL/SQL code. This algorithm is not secure and can be reversed using publicly available tools.

References

Wrapping PL/SQL Source Code
Is there a benefit in using Oracle’s WRAP to obfuscate PL/SQL Code - Gary / security.stackexchange.com
OWASP Top 10 2017-A9-Using Components with Known Vulnerabilities
CWE-1035

MEDIUM

PL or SQL : Weak obfuscation (wrapping)

Classification

Overview

References

DerScanner Severity Score

Do you want to fix PL or SQL : Weak obfuscation (wrapping) in your application?

See also

PL or SQL : Open redirect

PL or SQL : Cross-site scripting (XSS)

PL or SQL : Weak hashing algorithm