Calendar
  • No events
AEC v1.0.4

Cyber Security Info
@Cybersecurityinfo

Oracle data redaction vulnerability

August 12, 2014

Share Button

Oracle data redaction is a simple way how to alterate the data resulting from a database query to redact any sensitive details such as credit card numbers. However, David Litchfield has found ways to get to the original data without permission and even use Oracle data redaction to escalate privileges and allow SQL injection attacks. Users are advised to limit access to the DBMS_REDACT function.

Share Button

Comments