software composition analysis
Product
SAST
Catch vulnerabilities as you develop DAST
Test live web applications like an attacker SCA
Secure open-source and supply chain MAST
Secure mobile apps from code to store Compliance
Align with standards while shipping secure code
Resources
Vulnerability database Healthy Package
Blog News
Documentation
Pricing Partners About Us Log In
software composition analysis

PL or SQL : Weak obfuscation (wrapping)

Classification

OWASP Top 10 2013 A9-Using Components with Known Vulnerabilities OWASP Top 10 2017 A9-Using Components with Known Vulnerabilities OWASP Top 10 2021 A6-Vulnerable and Outdated Components CWE CWE-1035

Overview

The application uses wrapping - built-in tool for obfuscation PL/SQL code. This algorithm is not secure and can be reversed using publicly available tools.

References

  1. Wrapping PL/SQL Source Code
  2. Is there a benefit in using Oracle’s WRAP to obfuscate PL/SQL Code - Gary / security.stackexchange.com
  3. OWASP Top 10 2017-A9-Using Components with Known Vulnerabilities
  4. CWE-1035

See also

PL or SQL : Weak seed of random number generator
PL or SQL : External information leak
PL or SQL : Insecure GRANT usage: execute permission