VID | 25169
Severity | 30
Port | 1521, ...
Protocol | TCP
Class | DB
Detailed Description |
The Oracle server on the host system does not lock an account after a certain number of failed login attempts. If failed login attempts are not limited, an attacker can gain access to the database through a brute-force attack.
* Platforms Affected: UNIX (any version), Linux (any version), Microsoft Windows (any version)
Recommendation |
Reset the FAILED_LOGIN_ATTEMPTS value as follows:
SQL> ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS [3~10];
SQL> ALTER PROFILE [profile_name] LIMIT FAILED_LOGIN_ATTEMPTS DEFAULT;
Related URL | (CVE)
Related URL | (SecurityFocus)
Related URL | (ISS)
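To check which profiles and accounts the finding applies to before changing anything, the following audit query is an added example, not part of the original advisory. It assumes a session with SELECT access to the DBA_PROFILES and DBA_USERS views and treats the 3 to 10 range from the recommendation as the acceptable window.

```sql
-- Added example: report each profile's effective FAILED_LOGIN_ATTEMPTS limit
-- and how many open accounts are assigned to it.
WITH limits AS (
  SELECT p.profile,
         p.limit AS configured_limit,
         -- A limit of DEFAULT inherits the value set on the DEFAULT profile.
         CASE p.limit
           WHEN 'DEFAULT' THEN d.limit
           ELSE p.limit
         END AS effective_limit
  FROM   dba_profiles p
  JOIN   dba_profiles d
         ON  d.profile = 'DEFAULT'
         AND d.resource_name = p.resource_name
  WHERE  p.resource_name = 'FAILED_LOGIN_ATTEMPTS'
)
SELECT l.profile,
       l.configured_limit,
       l.effective_limit,
       CASE
         -- UNLIMITED means the account is never locked on failed logins.
         WHEN l.effective_limit = 'UNLIMITED' THEN 'NO LOCKOUT'
         WHEN TO_NUMBER(l.effective_limit) BETWEEN 3 AND 10 THEN 'OK'
         ELSE 'OUTSIDE 3-10'
       END AS finding,
       COUNT(u.username) AS open_accounts
FROM   limits l
LEFT JOIN dba_users u
       ON  u.profile = l.profile
       AND u.account_status = 'OPEN'
GROUP BY l.profile, l.configured_limit, l.effective_limit
ORDER BY finding, l.profile;
```

Profiles reported as NO LOCKOUT with a non-zero open_accounts count are the ones this check flags; rerun the query after applying the ALTER PROFILE statements to confirm the change took effect.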
|