| VID |
14250 |
| Severity |
40 |
| Port |
22 |
| Protocol |
TCP |
| Class |
LSC |
| Detailed Description |
The ALTIBASE password change interval setting on the remote host is not secure.
In the absence of periodic password changes, an attacker can obtain a password through a brute force attack.
* Platforms Affected:
UNIX, Linux |
| Recommendation |
Solution 1. Change Password Policy for Each User
1.1 Confirm Password Policy Setting
select * from system_.sys_users_;
1.2 Setting Password Policy for the Following Properties
PASSWORD_LIFE_TIME
¡Ø Use the following command to apply the policy.
ALTER USER username LIMIT (property number);
example) ALTER USER TESTUSER LIMIT PASSWORD_LIFE_TIME 90);
Solution 2. ALTIBASE HDB Property File
Change $ALTIBASE_HOME/conf/altibase.properties |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
