VID | 25158 |
Severity | 40 |
Port | 1521, ... |
Protocol | TCP |
Class | DB |
Detailed Description |
The Oracle server on the host system has an unsafe account lock time (PASSWORD_LOCK_TIME) for accounts that reach a certain number of login failures. If login attempts are not limited after that number of failures occurs, an attacker can gain access to the database through a brute-force attack.
* Platforms Affected: UNIX any version, Linux any version, Microsoft Windows any version |
Recommendation |
Reset the PASSWORD_LOCK_TIME value as follows:
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_LOCK_TIME UNLIMITED;
SQL> ALTER PROFILE [profile_name] LIMIT PASSWORD_LOCK_TIME DEFAULT; |