Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide
SRG-APP-000516-WSR-000174
OHS must not have the directive PlsqlDatabasePassword set in clear text.
OHS must not have the directive PlsqlDatabasePassword set in clear text.
An XCCDF Rule
Details
Profiles
Prose
OHS must not have the directive PlsqlDatabasePassword set in clear text.
High Severity
<VulnDiscussion>OHS supports the use of the module mod_plsql, which allows applications to be hosted that are PL/SQL-based. To access the database, the module must have a valid username, password and database name. To keep the password from an attacker, the password must not be stored in plain text, but instead, obfuscated.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>