2.2.11 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE'

Information

The SEC_CASE_SENSITIVE_LOGON information determines whether or not case-sensitivity is required for passwords during login.

Note: This parameter has been deprecated in 12.1 and higher versions.

Rationale:

Oracle database password case-sensitivity increases the pool of characters that can be chosen for the passwords, making brute-force password attacks quite difficult.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = TRUE SCOPE = SPFILE;

References:

http://docs.oracle.com/database/121/REFRN/GUID-F464653A-0D43-4A70-8F05-0274A12C8578.htm#REFRN10299

See Also

https://workbench.cisecurity.org/files/2741

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv6|16, CSCv7|4.4

Plugin: OracleDB

Control ID: 0b6bea50d87ee730115a67e6bfd4f24b46ec5fbd3da7e9a905de1dc8e4e1de09