Name Bypass Oracle Logon Trigger (7826485) [DB05]
Systems Affected Oracle 8-10g Rel. 2
Severity High Risk
Category Bypass Security Feature Database Logon Trigger
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 17 April 2007 (V 1.00)
It is possible to bypass the Oracle database logon trigger. This can cause severe security problems.
Oracle database logon trigger are often used to restrict user access (e.g. based on time or ip addresses) and/or to do audit entries into (custom) tables. This can be bypassed on unpatched systems.
This advisory is available at