Oracle DB Vault and Encryption Exploit
Versions: ALL

Overview
There are a lot of places inside an Oracle Database where one can easily bypass the "protections" provided by Database Vault and other similar schemes.

For now this page is just a placeholder to hold the objects that will be used to construct a working demo in the near future


 
Exploit Demo
Tables PLSCOPE_SQL$
WRR$_CAPTURE_LONG_SQLTEXT
Views DBA_WORKLOAD_LONG_SQLTEXT
V_$SQLAREA
V_$SQLAREA_PLAN_HASH
V_$SQL
V_$SQL_SHARED_MEMORY
V_$SQLSTATS
V_$SQLSTATS_PLAN_HASH
V_$MAPPED_SQL
GV_$SQLSTATS
GV_$SQLSTATS_PLAN_HASH
GV_$SQLAREA
GV_$SQLAREA_PLAN_HASH
GV_$SQL
GV_$SQL_SHARED_MEMORY
GV_$MAPPED_SQL
Fixed Tables X$KKSSQLSTAT
X$KKSSQLSTAT_PLAN_HASH
Fixed Views V_$ADVISOR_CURRENT_SQLPLAN
V_$ALL_SQL_MONITOR
V_$ALL_SQL_PLAN
V_$ALL_SQL_PLAN_MONITOR
V_$DIAG_SESS_SQL_TRACE_RECORDS
V_$DIAG_SQL_TRACE_RECORDS
V_$MAPPED_SQL
V_$PLSQL_DEBUGGABLE_SESSIONS
V_$SQL
V_$SQLAREA
V_$SQLAREA_PLAN_HASH
V_$SQL_BIND_CAPTURE
V_$SQL_BIND_DATA
V_$SQL_BIND_METADATA
V_$SQLCOMMAND
V_$SQLFN_ARG_METADATA
V_$SQLFN_METADATA
V_$SQLPA_METRIC
V_$SQLSTATS
V_$SQLSTATS_PLAN_HASH
V_$SQLTEXT
V_$SQLTEXT_WITH_NEWLINES
V_$SQL_BIND_CAPTURE
V_$SQL_BIND_DATA
V_$SQL_BIND_METADATA
V_$SQL_CS_HISTOGRAM
V_$SQL_CS_SELECTIVITY
V_$SQL_CS_STATISTICS
V_$SQL_CURSOR
V_$SQL_DIAG_REPOSITORY
V_$SQL_DIAG_REPOSITORY_REASON
V_$SQL_JOIN_FILTER
V_$SQL_MONITOR
V_$SQL_MONITOR_SESSTAT
V_$SQL_MONITOR_STATNAME
V_$SQL_OPTIMIZER_ENV
V_$SQL_PLAN
V_$SQL_PLAN_MONITOR
V_$SQL_PLAN_STATISTICS
V_$SQL_PLAN_STATISTICS_ALL
V_$SQL_REDIRECTION
V_$SQL_REOPTIMIZATION_HINTS
V_$SQL_SHARED_CURSOR *
V_$SQL_SHARED_MEMORY *
V_$SQL_TESTCASES ?
   
   
 
Conclusion
If data needs to be encrypted be sure that it is encrypted before it gets to the database.

Related Topics
Database Vault
DBMS_CRYPTO