5.1.1.7 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'DBMS_CREDENTIAL' Package

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

As described below, Oracle Database PL/SQL 'DBMS_CREDENTIAL' package - should not be granted to PUBLIC.

Use of the DBMS_CREDENTIAL package could allow an unauthorized user to add, create, drop, enable and update credentials allowing jobs to run on the operating system.

Rationale:

Solution

To remediate this setting, execute the following SQL statement, keeping in mind if this is granted in both container and pluggable database, you must connect to both places to revoke.

REVOKE EXECUTE ON DBMS_CREDENTIAL FROM PUBLIC;

See Also

https://workbench.cisecurity.org/files/4252