| VID | 25161 |
|---|---|
| Severity | 30 |
| Port | 1521, ... |
| Protocol | TCP |
| Class | DB |
| Detailed Description | The password verify function is not specified on the Oracle server on the host system. The PASSWORD_VERIFY_FUNCTION value specifies a PL/SQL function to be used for password verification when users who are assigned this profile log in to a database. If no password verify function is specified, the Oracle server is vulnerable because only a default password policy is applied. |
| Platforms Affected | UNIX any version, Linux any version, Microsoft Windows any version |
| Recommendation | Modify the PASSWORD_VERIFY_FUNCTION profile parameter by executing the following command: `SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION <function name, e.g. verify_password_dod>;` |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
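
To confirm the finding and check the fix, the following Oracle SQL is an added example, not part of the original advisory. It assumes a session with read access to the `DBA_PROFILES` and `DBA_USERS` dictionary views, and it reuses the advisory's example function name `verify_password_dod`, which must already exist in the database.

```sql
-- Added example (not from the original advisory).
-- Step 1: list every account whose profile resolves to no password verify
-- function. A profile limit of 'DEFAULT' inherits the DEFAULT profile's
-- setting, so resolve that first; an unset function is reported by the
-- dictionary as the literal string 'NULL'.
WITH pvf AS (
  SELECT p.profile,
         CASE p.limit
           WHEN 'DEFAULT' THEN d.limit   -- inherited from the DEFAULT profile
           ELSE p.limit
         END AS effective_function
  FROM   dba_profiles p
  JOIN   dba_profiles d
         ON  d.profile       = 'DEFAULT'
         AND d.resource_name = 'PASSWORD_VERIFY_FUNCTION'
  WHERE  p.resource_name = 'PASSWORD_VERIFY_FUNCTION'
)
SELECT u.username,
       u.account_status,
       u.profile,
       pvf.effective_function
FROM   dba_users u
JOIN   pvf ON pvf.profile = u.profile
WHERE  pvf.effective_function = 'NULL'
ORDER  BY u.profile, u.username;

-- Step 2: apply the advisory's recommendation. The function must be owned
-- by SYS; verify_password_dod is the advisory's example name.
ALTER PROFILE DEFAULT LIMIT
  PASSWORD_VERIFY_FUNCTION verify_password_dod;

-- Step 3: verify. Any profile still listed here was explicitly set to NULL
-- and needs its own ALTER PROFILE statement.
SELECT profile, limit
FROM   dba_profiles
WHERE  resource_name = 'PASSWORD_VERIFY_FUNCTION'
AND    limit = 'NULL';
```

Rerunning the Step 1 query after the change should return no rows for accounts on profiles that inherit from `DEFAULT`.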