Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24186 | vdb entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb entry |
| http://secunia.com/advisories/18493 | third party advisory vendor advisory |
| http://www.vupen.com/english/advisories/2006/0323 | vdb entry vendor advisory |
| http://www.securityfocus.com/bid/16287 | vdb entry |
| http://www.kb.cert.org/vuls/id/545804 | third party advisory us government resource |
| http://securitytracker.com/id?1015499 | vdb entry |
| http://www.vupen.com/english/advisories/2006/0243 | vdb entry vendor advisory |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | |
| http://secunia.com/advisories/18608 | third party advisory vendor advisory |
| http://www.securityfocus.com/archive/1/422262/30/7400/threaded | mailing list |
| http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html |