VID |
25155 |
Severity |
40 |
Port |
1521, ... |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The PASSWORD_LIFE_TIME value of the Oracle server on the host system is unsafe. PASSWORD_LIFE_TIME is the number of days the same password can be used for authentication. If this value is set to UNLIMITED or to a very large number of days, the same password stays in use for a long time, which increases the possibility of a password leak. Passwords should therefore be changed regularly by setting PASSWORD_LIFE_TIME properly.
* Platforms Affected: UNIX any version, Linux any version, Microsoft Windows any version |
Recommendation |
Reset the PASSWORD_LIFE_TIME value that is set by default to less than 60:
SQL> ALTER PROFILE <DEFAULT or profile_name> LIMIT PASSWORD_LIFE_TIME 60;
In the case of a specific user:
SQL> CREATE PROFILE profile_new LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LIFE_TIME 30 PASSWORD_REUSE_TIME 30 PASSWORD_VERIFY_FUNCTION verify_function PASSWORD_GRACE_TIME 5;
SQL> ALTER USER <user_name> PROFILE profile_new; |
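To find which accounts the recommendation applies to, the query below lists every user whose effective PASSWORD_LIFE_TIME is UNLIMITED or longer than 60 days. It is an added example, not part of the original entry; it assumes read access to the standard DBA_PROFILES and DBA_USERS dictionary views and takes the 60-day threshold from the recommendation above.

```sql
-- Added example: audit the effective PASSWORD_LIFE_TIME of every account.
-- A profile whose limit is the literal 'DEFAULT' inherits the value from the
-- DEFAULT profile, so that is resolved before comparing with the threshold.
WITH life_time AS (
    SELECT p.profile,
           CASE p.limit
               WHEN 'DEFAULT' THEN d.limit
               ELSE p.limit
           END AS effective_limit
    FROM   dba_profiles p
    CROSS JOIN (SELECT limit
                FROM   dba_profiles
                WHERE  profile = 'DEFAULT'
                AND    resource_name = 'PASSWORD_LIFE_TIME') d
    WHERE  p.resource_name = 'PASSWORD_LIFE_TIME'
)
SELECT u.username,
       u.profile,
       u.account_status,
       l.effective_limit AS password_life_time_days
FROM   dba_users u
JOIN   life_time l ON l.profile = u.profile
-- CASE evaluates its branches in order, so TO_NUMBER is never applied to the
-- string 'UNLIMITED' (a plain OR could raise ORA-01722).
WHERE  CASE
           WHEN l.effective_limit = 'UNLIMITED' THEN 1
           WHEN TO_NUMBER(l.effective_limit) > 60 THEN 1  -- threshold assumed from the recommendation
           ELSE 0
       END = 1
ORDER  BY u.profile, u.username;
```

An empty result means every account is bound to a profile with a password lifetime of 60 days or less.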