| VID |
14249 |
| Severity |
30 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The ALTIBASE login failure lock policy setting on the remote host is not secure. If you do not limit the number of failed login attempts, there is a risk that an attacker may obtain a password through brute force attacks.
* Platforms Affected: UNIX, Linux |
| Recommendation |
Solution 1. Change Password Policy for Each User
1.1 Confirm Password Policy Setting: select * from system_.sys_users_;
1.2 Setting Password Policy for the Following Properties: FAILED_LOGIN_ATTEMPTS
※ Use the following command to apply the policy: ALTER USER username LIMIT (property number);
Example: ALTER USER TESTUSER LIMIT (FAILED_LOGIN_ATTEMPTS 7);
Solution 2. ALTIBASE HDB Property File Change: $ALTIBASE_HOME/conf/altibase.properties |