3.7 Ensure 'DBA_USERS.PASSWORD' Is Not Set to 'EXTERNAL' for Any User

Information

As allowing remote OS authentication of a user to the database can potentially allow supposed 'privileged users' to connect as 'authenticated,' even when the remote system is compromised, these logins should be disabled/restricted according to the needs of the organization.

Solution

To remediate this setting execute the following SQL statement. ALTER USER <username> IDENTIFIED BY <password>;

See Also

https://workbench.cisecurity.org/files/601

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2

Plugin: OracleDB

Control ID: c31ee34bc229baceed587cec49cbe402348b80fc834a4684a2fc3e86afa4d780